specs/implementation-refines-caterpillar/proofs/1511793347000

initializationn > 0, n0 = n
⊦ ⟪tree_buffer_heap_init#(n0; ; H, rxs, rys, h, xs_len, to_delete)⟫
⟨caterpillar_init#(n; ; h0, xs, xs_len0, ys)⟩
∃ n. ((ls(rxs, xs) * ls(rys, ys) * del-list(to_delete, n)))(H) ∧ n ≤ # xs + # ys ∧ n + # xs ≤ h ∧ h = h0 ∧ xs_len = xs_len0

<_SIDEGOALS>

014initialization-proofinitialization-proof-info

refine-add∃ n. ((ls(rxs, xs) * ls(rys, ys) * del-list(to_delete, n)))(H) ∧ n ≤ # xs + # ys ∧ n + # xs ≤ h ∧ h = h0 ∧ xs_len = xs_len0,
# xs < h0, # xs = xs_len0, # ys = 0 ∨ # ys = h0
⊦ ⟪tree_buffer_heap_add#(a, h; H, rxs, rys, xs_len, to_delete)⟫
⟨caterpillar_add#(a, h0; xs, xs_len0, ys)⟩
∃ n. ((ls(rxs, xs) * ls(rys, ys) * del-list(to_delete, n)))(H) ∧ n ≤ # xs + # ys ∧ n + # xs ≤ h ∧ h = h0 ∧ xs_len = xs_len0

process-queue

<_SIDEGOALS>

1576refine-add-proofrefine-add-proof-info

refine-get∃ n. ((ls(rxs, xs) * ls(rys, ys) * del-list(to_delete, n)))(H) ∧ n ≤ # xs + # ys ∧ n + # xs ≤ h ∧ h = h0 ∧ xs_len = xs_len0,
# xs < h0, # xs = xs_len0, # ys = 0 ∨ # ys = h0
⊦ ⟪tree_buffer_heap_get#(H, rxs, rys, h; ; x)⟫
⟨caterpillar_get#(h0, xs, ys; ; x0)⟩
( (∃ n. ((ls(rxs, xs) * ls(rys, ys) * del-list(to_delete, n)))(H) ∧ n ≤ # xs + # ys ∧ n + # xs ≤ h ∧ h = h0 ∧ xs_len = xs_len0)
∧ x = x0)

<_SIDEGOALS>

534refine-get-proofrefine-get-proof-info

process-one((del-list(to_delete, n) * P))(H)
⊦ ⟪tree_buffer_heap_process_one#(; H, to_delete)⟫
((n ≥ 1 → ((del-list(to_delete, n - 1) * P))(H)) ∧ (n = 0 → to_delete = [] ∧ ((del-list([], 0) * P))(H)))

<_SIDEGOALS>

637process-one-proofprocess-one-proof-info

process-queue((del-list(to_delete, n) * P))(H)
⊦ ⟪tree_buffer_heap_process_queue#(; H, to_delete)⟫
((n ≥ 2 → ((del-list(to_delete, n - 2) * P))(H)) ∧ (n < 2 → to_delete = [] ∧ ((del-list([], 0) * P))(H)))

process-one

<_SIDEGOALS>

717process-queue-proofprocess-queue-proof-info

size-delr ∈ H, r ≠ null ⊦ #(H -- r) = # H - 1

<_SIDEGOALS>

13size-del-proofsize-del-proof-infosls

size-del-0r ∈ H, r ≠ null ⊦ # H ≠ 0

<_SIDEGOALS>

13size-del-0-proofsize-del-0-proof-info

0