LEFTNEIGHBORS-correct1proof-tree.png2708701258251125785212574531257054125665512562562255854022554541225505422254654322542544165585221855452618550527185465281854252918538530185345311853053218526533185225341851853518514536185105371856538185253914554523145505241454652510558517105545181055051910546520105425214558574554584550594546510654251465385156534516254251125385122534513
1stepHeuristic simplifier applied rule simplifier ⊦ ⟨LEFTNEIGHBORS(x; ; lneighbors)⟩ (lneighbors = leftneighbors(x))2 ⊦ ⟨LEFTNEIGHBORS(x; ; lneighbors)⟩ (lneighbors = leftneighbors(x, # x))
Used simplifier rules:
leftneighbors: ⊦ leftneighbors(x) = leftneighbors(x, # x);2stepUser applied rule call right ⊦ ⟨LEFTNEIGHBORS(x; ; lneighbors)⟩ (lneighbors = leftneighbors(x, # x))3⊦ ⟨lneighbors := [];
let xpos = 1, stack = []
in while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))
pos: right 1Used simplifier rules:
LEFTNEIGHBORS-decl: ⊦ ;3stepHeuristic symbolic execution applied rule assign right⊦ ⟨lneighbors := [];
let xpos = 1, stack = []
in while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))4lneighbors = []
⊦ ⟨let xpos = 1, stack = []
in while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))
4stepHeuristic symbolic execution applied rule let rightlneighbors = []
⊦ ⟨let xpos = 1, stack = []
in while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))5lneighbors = [], stack = [], xpos = 1
⊦ ⟨while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))
5stepHeuristic annotation applied rule annotation rightlneighbors = [], stack = [], xpos = 1
⊦ ⟨while xpos ≤ # x
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
wfbound # x + 1 - xpos;
*/;
while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1}⟩
(lneighbors = leftneighbors(x, # x))6stack = [] ↔ xpos = 1, lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0,
bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack ≠ [] → stack.head = xpos - 1
⊦ ⟨while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0)
rule: invariant right
arg: inv: xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack)
∧ bounded(stack, 1, xpos) ∧ lneighbors = leftneighbors(x, xpos - 1)
∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1)
fmapos: right 1
bound: # x + 1 - xpos
pos: right 1Used simplifier rules:
ordered-base: ⊦ ordered>([]);
bounded-base: ⊦ bounded([], n0, n1);
leftneighbors-base: ⊦ leftneighbors(x, 0) = [];
valid-stack-base: ⊦ valid-stack([], x);
leftneighbors-base: ⊦ leftneighbors(x, 0) = [];
⊦ m ≤ n ↔ ¬ n < m; (ss)
⊦ m < n → n ≠ 0; (s)
⊦ m < n → (n ≤ m + 1 ↔ n = m + 1); (s)
eqle-one: ⊦ m = n + 1 ∧ n < n0 → m ≤ n0; (forward) from specification nat
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
lf-01: ⊦ m < n ∧ n = n0 → m < n0; (forward) from specification nat-basic
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ # x = 0 ↔ x = []; (s)
⊦ # [] = 0; (s)
⊦ m + 1 ≠ 0; (s)
⊦ n ≤ m → m + n0 - n = (m - n) + n0; (s)
⊦ n + 0 = n; (s)
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
⊦ m ≤ m + n; (s)
Used formulas: xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack)
∧ bounded(stack, 1, xpos) ∧ lneighbors = leftneighbors(x, xpos - 1)
∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1), # x + 1 - xpos = # x + 1 - xpos6stepHeuristic annotation applied rule annotation rightstack = [] ↔ xpos = 1, lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0,
bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack ≠ [] → stack.head = xpos - 1
⊦ ⟨while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
do {/* _:
invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
wfbound # stack;
*/;
stack := stack.tail};
if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0)7stack = [] ↔ xpos = 1, lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0,
bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x), xpos ≤ # x, xpos ≤ # x + 1, stack ≠ [] → stack.head = xpos - 1
⊦ xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)17stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2),
ordered>(stack), valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, ¬ x[stack.head]! < x[xpos]!,
stack2 ≠ [] → stack2.head = xpos - 1, stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := stack.tail⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!))
∧ # stack < # stack1)22stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack),
valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!40leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x),
xpos ≤ # x
⊦ ⟨throw ]!; if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
0 < stack.head ∧ stack.head ≤ # x
rule: invariant right
arg: inv: xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)
fmapos: right 1
bound: # stack
pos: right 1Used simplifier rules:
one-based-lookup: ⊦ x[n]! = x[n -1];
⊦ n -1 = n - 1; (s)
⊦ 0 < m ↔ m ≠ 0; (s)
Used formulas: xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ valid-stack(stack, x) ∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), # stack = # stack7stepHeuristic simplifier applied rule simplifierstack = [] ↔ xpos = 1, lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0,
bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x), xpos ≤ # x, xpos ≤ # x + 1, stack ≠ [] → stack.head = xpos - 1
⊦ xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!)8stack = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) ≠ first-lower(stack, x, x[xpos - 1]), xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, xpos ≠ 1 → stack.head = xpos - 1
⊦
Used simplifier rules:
one-based-lookup: ⊦ x[n]! = x[n -1];
⊦ n -1 = n - 1; (s)8stepHeuristic elimination applied rule apply elim lemmastack = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) ≠ first-lower(stack, x, x[xpos - 1]), xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, xpos ≠ 1 → stack.head = xpos - 1
⊦ 9stack = [] ↔ xpos = 1, xpos = xpos0 + 1, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), xpos ≠ 0, bounded(stack, 1, xpos),
ordered>(stack), valid-stack(stack, x), xpos ≤ # x, xpos ≤ # x + 1, xpos ≠ 1 → stack.head = xpos0
⊦
spec: nat, name:elim-pred-c, seq:n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1,
subst:[n, m] → [xpos, xpos0]Used simplifier rules:
n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1; (elim)
Used terms: xpos, m9stepHeuristic simplifier applied rule simplifierstack = [] ↔ xpos = 1, xpos = xpos0 + 1, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), xpos ≠ 0, bounded(stack, 1, xpos),
ordered>(stack), valid-stack(stack, x), xpos ≤ # x, xpos ≤ # x + 1, xpos ≠ 1 → stack.head = xpos0
⊦ 10stack = [] ↔ xpos0 = 0, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1),
ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦
Used simplifier rules:
⊦ # x = 0 ↔ x = []; (s)
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ m < n → m ≤ n; (s)
⊦ m + 1 ≤ n ↔ m < n; (s)
⊦ m + n ≤ m + n0 ↔ n ≤ n0; (s)
⊦ m + 1 ≠ 0; (s)10stepUser applied rule constructor cutstack = [] ↔ xpos0 = 0, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1),
ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦ 11stack = [] ↔ xpos0 = 0, stack = [], leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1),
ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦ 14stack = [] ↔ xpos0 = 0, stack = xpos + stack0, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x,
bounded(stack, 1, xpos0 + 1), ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦
var: stackUsed simplifier rules:
natlist freely generated by [], +;;11stepHeuristic simplifier applied rule simplifierstack = [] ↔ xpos0 = 0, stack = [], leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1),
ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦ 12leftneighbor(x, 0) ≠ 0, x ≠ [] ⊦
Used simplifier rules:
first-lower-base: ⊦ first-lower([], x, a) = 0;
valid-stack-base: ⊦ valid-stack([], x);
ordered-base: ⊦ ordered>([]);
bounded-base: ⊦ bounded([], n0, n1);
⊦ # x = 0 ↔ x = []; (s)
⊦ 0 < m ↔ m ≠ 0; (s)
lel: ⊦ a < b ∧ a = c → c < b; (forward) from specification oelem[natlist]12stepUser applied rule apply rewrite lemmaleftneighbor(x, 0) ≠ 0, x ≠ [] ⊦ 13n < # x ⊦ leftneighbor(x, n) = 0 ↔ (∀ m. m < n → ¬ x[m] < x[n])
spec: <toplevel>, name:leftneighbor-zero,
seq:n < # x ⊦ leftneighbor(x, n) = 0 ↔ (∀ m. m < n → ¬ x[m] < x[n]),
subst:[x, n] → [x, 0], <all paths>Used simplifier rules:
⊦ x ≠ [] → x[0] = x.head; (s)
⊦ ¬ n < 0; (s)
⊦ 0 < m ↔ m ≠ 0; (s)
⊦ # x = 0 ↔ x = []; (s)
Used terms: x, 013lemmaleftneighbor-zeron < # x ⊦ leftneighbor(x, n) = 0 ↔ (∀ m. m < n → ¬ x[m] < x[n])14stepHeuristic simplifier applied rule simplifierstack = [] ↔ xpos0 = 0, stack = xpos + stack0, leftneighbor(x, xpos0) ≠ first-lower(stack, x, x[xpos0]), x ≠ [], xpos0 < # x,
bounded(stack, 1, xpos0 + 1), ordered>(stack), valid-stack(stack, x), xpos0 ≠ 0 → stack.head = xpos0
⊦ 15# x ≠ 1, leftneighbor(x, xpos0) ≠ first-lower(xpos0 ' + stack0, x, x[xpos0]), x ≠ [], xpos0 ≠ 0, xpos0 < # x, bounded(stack0, 1, xpos0 + 1),
ordered>(xpos0 ' + stack0), valid-stack(xpos0 ' + stack0, x), 1 ≤ xpos0
⊦
Used simplifier rules:
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
⊦ # x = 0 ↔ x = []; (s)
⊦ 1 < m ↔ ¬(m = 0 ∨ m = 1); (s)
fle-01: ⊦ m ≤ n ∧ n < n0 → m < n0; (forward) from specification nat
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
⊦ m ≤ m; (s)
let: ⊦ n ≤ n0 ∧ n0 ≤ n1 → n ≤ n1; (forward) from specification nat
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ (a ' + x).head = a; (s)
⊦ a + x = a ' + x; (s)
⊦ m < n ↔ ¬ n ≤ m; (ss)
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ m < n + 1 ↔ ¬ n < m; (s)
⊦ a ' + x ≠ []; (s)15stepUser applied rule apply rewrite lemma# x ≠ 1, leftneighbor(x, xpos0) ≠ first-lower(xpos0 ' + stack0, x, x[xpos0]), x ≠ [], xpos0 ≠ 0, xpos0 < # x, bounded(stack0, 1, xpos0 + 1),
ordered>(xpos0 ' + stack0), valid-stack(xpos0 ' + stack0, x), 1 ≤ xpos0
⊦ 16xpos < # x ⊦ valid-stack(xpos ' + stack, x) → first-lower(xpos ' + stack, x, x[xpos]) = leftneighbor(x, xpos)
spec: <toplevel>, name:valid-stack-leftneighbor-succ,
seq:xpos < # x
⊦ valid-stack(xpos ' + stack, x)
→ first-lower(xpos ' + stack, x, x[xpos]) = leftneighbor(x, xpos),
subst:[xpos, stack, x] → [xpos0, stack0, x], <all paths>
Used terms: xpos0, stack0, x16lemmavalid-stack-leftneighbor-succxpos < # x ⊦ valid-stack(xpos ' + stack, x) → first-lower(xpos ' + stack, x, x[xpos]) = leftneighbor(x, xpos)17stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2),
ordered>(stack), valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, ¬ x[stack.head]! < x[xpos]!,
stack2 ≠ [] → stack2.head = xpos - 1, stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := stack.tail⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!))
∧ # stack < # stack1)18stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack),
ordered>(stack2), valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1, ¬ x[stack.head]! < x[xpos]!,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ( xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack.tail) ∧ bounded(stack.tail, 1, xpos) ∧ valid-stack(stack.tail, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack.tail, x, x[xpos]!))
∧ # stack.tail < # stack1
18stepHeuristic simplifier applied rule simplifierstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack),
ordered>(stack2), valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1, ¬ x[stack.head]! < x[xpos]!,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ( xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack.tail) ∧ bounded(stack.tail, 1, xpos) ∧ valid-stack(stack.tail, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack.tail, x, x[xpos]!))
∧ # stack.tail < # stack119stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos - 1]), stack1.head ≠ 0, stack1 ≠ [], xpos ≠ 0,
bounded(stack2, 1, xpos), bounded(stack1, 1, xpos), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x), valid-stack(stack1, x),
xpos ≤ # x + 1, xpos ≤ # x, stack1.head ≤ # x, ¬ x[stack1.head - 1] < x[xpos - 1], xpos ≠ 1 → stack2.head = xpos - 1
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack1.tail, x, x[xpos - 1])
Used simplifier rules:
one-based-lookup: ⊦ x[n]! = x[n -1];
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ ¬ a < a; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
n0 ≤ n ⊦ n - n0 < m ↔ n < m + n0; (s)
⊦ # x = 0 ↔ x = []; (s)
⊦ m < 1 ↔ m = 0; (s)
⊦ m ≤ n ↔ ¬ n < m; (ss)
⊦ n -1 = n - 1; (s)
⊦ x ≠ [] → # x.tail = (# x)-1; (s)
⊦ 0 < m ↔ m ≠ 0; (s)19stepHeuristic elimination applied rule apply elim lemmastack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos - 1]), stack1.head ≠ 0, stack1 ≠ [], xpos ≠ 0,
bounded(stack2, 1, xpos), bounded(stack1, 1, xpos), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x), valid-stack(stack1, x),
xpos ≤ # x + 1, xpos ≤ # x, stack1.head ≤ # x, ¬ x[stack1.head - 1] < x[xpos - 1], xpos ≠ 1 → stack2.head = xpos - 1
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos - 1) = first-lower(stack1.tail, x, x[xpos - 1])20stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos0) = first-lower(stack1, x, x[xpos0]), xpos = xpos0 + 1, stack1.head ≠ 0, stack1 ≠ [], xpos ≠ 0,
bounded(stack1, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x),
stack1.head ≤ # x, xpos ≤ # x, xpos ≤ # x + 1, ¬ x[stack1.head - 1] < x[xpos0], xpos ≠ 1 → stack2.head = xpos0
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos0) = first-lower(stack1.tail, x, x[xpos0])
spec: nat, name:elim-pred-c, seq:n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1,
subst:[n, m] → [xpos, xpos0]Used simplifier rules:
n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1; (elim)
Used terms: xpos, m20stepHeuristic simplifier applied rule simplifierstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos0) = first-lower(stack1, x, x[xpos0]), xpos = xpos0 + 1, stack1.head ≠ 0, stack1 ≠ [], xpos ≠ 0,
bounded(stack1, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x),
stack1.head ≤ # x, xpos ≤ # x, xpos ≤ # x + 1, ¬ x[stack1.head - 1] < x[xpos0], xpos ≠ 1 → stack2.head = xpos0
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos0) = first-lower(stack1.tail, x, x[xpos0])21stack2 = [] ↔ xpos0 = 0, leftneighbor(x, xpos0) = first-lower(stack1, x, x[xpos0]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 < # x,
bounded(stack1, 1, xpos0 + 1), bounded(stack2, 1, xpos0 + 1), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x),
stack1.head ≤ # x, ¬ x[stack1.head - 1] < x[xpos0], xpos0 ≠ 0 → stack2.head = xpos0
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos0 + 1) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos0) = first-lower(stack1.tail, x, x[xpos0])
Used simplifier rules:
⊦ # x = 0 ↔ x = []; (s)
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ m < n → m ≤ n; (s)
⊦ m + 1 ≤ n ↔ m < n; (s)
⊦ m + n ≤ m + n0 ↔ n ≤ n0; (s)
⊦ m + 1 ≠ 0; (s)21stepHeuristic elimination applied rule apply elim lemmastack2 = [] ↔ xpos0 = 0, leftneighbor(x, xpos0) = first-lower(stack1, x, x[xpos0]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 < # x,
bounded(stack1, 1, xpos0 + 1), bounded(stack2, 1, xpos0 + 1), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x),
stack1.head ≤ # x, ¬ x[stack1.head - 1] < x[xpos0], xpos0 ≠ 0 → stack2.head = xpos0
⊦ ordered>(stack1.tail) ∧ bounded(stack1.tail, 1, xpos0 + 1) ∧ valid-stack(stack1.tail, x)
∧ leftneighbor(x, xpos0) = first-lower(stack1.tail, x, x[xpos0])
spec: list-data[natlist], name:elim-1,
seq: ⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail),
subst:[x, head, tail] → [stack1, xpos, stack]Used simplifier rules:
first-lower-rec: ⊦ first-lower(xpos ' + stack, x, a) = (x[xpos]! < a ⊃ xpos;first-lower(stack, x, a));
one-based-lookup: ⊦ x[n]! = x[n -1];
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
ordered-pop: ⊦ ordered>(xpos ' + stack) → ordered>(stack);
valid-stack-pop: ⊦ valid-stack(xpos ' + stack, x) → valid-stack(stack, x);
⊦ n -1 = n - 1; (s)
⊦ a ' + x ≠ []; (s)
⊦ a + x = a ' + x; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ m < n ↔ ¬ n ≤ m; (ss)
⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail); (elim)
Used terms: stack1, head, tail22stepHeuristic conditional right split applied rule if rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack),
valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!23stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack), ordered>(stack2),
valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨lneighbors := lneighbors + 0; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!26stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack), ordered>(stack2),
valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
pos: right 123stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack), ordered>(stack2),
valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨lneighbors := lneighbors + 0; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!24stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack),
valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors + 0 = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
24stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = [], stack0 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack2, 1, xpos), bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack),
valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors + 0 = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!25stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = xpos + stack1, stack0 = [], stack1 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack1, 1, xpos), bounded(stack2, 1, xpos),
ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors + 0 = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!
25stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack = xpos + stack1, stack0 = [], stack1 = [], xpos = xpos0, xpos1 = 1, xpos ≠ 0, bounded(stack1, 1, xpos), bounded(stack2, 1, xpos),
ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors + 0 = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!
Used simplifier rules:
one-based-lookup: ⊦ x[n]! = x[n -1];
first-lower-base: ⊦ first-lower([], x, a) = 0;
valid-stack-base: ⊦ valid-stack([], x);
ordered-base: ⊦ ordered>([]);
bounded-base: ⊦ bounded([], n0, n1);
ordered-one: ⊦ ordered>(n ');
bounded-one: ⊦ bounded(m ', n0, n1) ↔ n0 ≤ m ∧ m < n1;
leftneighbors-rec: ⊦ leftneighbors(x, n + 1) = leftneighbors(x, n) + leftneighbor(x, n);
valid-stack-one: ⊦ valid-stack(xpos ', x) ↔ 0 < xpos ∧ xpos ≤ # x ∧ leftneighbor(x, xpos - 1) = 0;
⊦ n -1 = n - 1; (s)
⊦ m + 1 ≠ 0; (s)
⊦ n ≤ n0 ∧ n1 ≤ m → n + n1 ≤ n0 + m; (s)
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ x + a = x + a '; (s)
⊦ # x = # z → (x + y = z + y0 ↔ x = z ∧ y = y0); (ws)
⊦ a ' = b ' ↔ a = b; (s)
⊦ 0 < m ↔ m ≠ 0; (s)
⊦ a ' ≠ []; (s)
⊦ a + x = a ' + x; (s)
⊦ x + [] = x; (s)
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ a '.head = a; (s)
n ≤ m ⊦ (m - n) + n0 = n1 ↔ m + n0 = n + n1; (s)
⊦ m + n - n + n1 = m - n1; (s)
⊦ n ≤ m → m + n0 - n = (m - n) + n0; (s)
⊦ m ≤ n → (n < m ↔ false); (s)
n0 ≤ n ⊦ n - n0 < m ↔ n < m + n0; (s)
⊦ n ≤ n0 → (m + (n0 - n)) + n = m + n0; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
⊦ ¬ a < a; (s)
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
⊦ m ≤ n ↔ ¬ n < m; (ss)
⊦ m < 1 ↔ m = 0; (s)26stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = leftneighbors(x, xpos - 1), lneighbors0 = [],
stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), bounded(stack2, 1, xpos), ordered>(stack), ordered>(stack2),
valid-stack(stack, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!27stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = lneighbors1 + stack.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos),
bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack), valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x,
stack2 ≠ [] → stack2.head = xpos - 1, stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!
27stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), lneighbors = lneighbors1 + stack.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack0 = [], xpos = xpos0, xpos1 = 1, stack ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos),
bounded(stack, 1, xpos), ordered>(stack2), ordered>(stack), valid-stack(stack2, x), valid-stack(stack, x), xpos ≤ # x + 1, xpos ≤ # x,
stack2 ≠ [] → stack2.head = xpos - 1, stack ≠ [] → ((0 < stack.head ∧ stack.head ≤ # x) ∧ stack ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ ⟨stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]!28stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = lneighbors1 + stack1.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack = xpos + stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack1 ≠ [], xpos ≠ 0, bounded(stack1, 1, xpos),
bounded(stack2, 1, xpos), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!
28stepHeuristic symbolic execution applied rule assign rightstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = lneighbors1 + stack1.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack = xpos + stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack1 ≠ [], xpos ≠ 0, bounded(stack1, 1, xpos),
bounded(stack2, 1, xpos), ordered>(stack1), ordered>(stack2), valid-stack(stack1, x), valid-stack(stack2, x), xpos ≤ # x, xpos ≤ # x + 1,
stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x, stack2 ≠ [] → stack2.head = xpos - 1
⊦ ⟨xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!29stack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = lneighbors1 + stack1.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack = xpos + stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack1 ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos),
bounded(stack1, 1, xpos), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x), valid-stack(stack1, x), xpos ≤ # x + 1, xpos ≤ # x,
stack2 ≠ [] → stack2.head = xpos - 1, stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!,
( xpos + 1 ≠ 0 ∧ xpos + 1 ≤ # x + 1 ∧ (stack = [] ↔ xpos + 1 = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos + 1)
∧ lneighbors = leftneighbors(x, xpos + 1 - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos + 1 - 1))
∧ # x + 1 - xpos + 1 < # x + 1 - xpos0
29stepHeuristic simplifier applied rule simplifierstack2 = [] ↔ xpos = 1, leftneighbor(x, xpos - 1) = first-lower(stack1, x, x[xpos]!), lneighbors = lneighbors1 + stack1.head, lneighbors0 = [],
lneighbors1 = leftneighbors(x, xpos - 1), stack = xpos + stack1, stack0 = [], xpos = xpos0, xpos1 = 1, stack1 ≠ [], xpos ≠ 0, bounded(stack2, 1, xpos),
bounded(stack1, 1, xpos), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x), valid-stack(stack1, x), xpos ≤ # x + 1, xpos ≤ # x,
stack2 ≠ [] → stack2.head = xpos - 1, stack1 ≠ [] → ((0 < stack1.head ∧ stack1.head ≤ # x) ∧ stack1 ≠ []) ∧ 0 < xpos ∧ xpos ≤ # x
⊦ stack1 ≠ [] ∧ ¬ x[stack1.head]! < x[xpos]!,
( xpos + 1 ≠ 0 ∧ xpos + 1 ≤ # x + 1 ∧ (stack = [] ↔ xpos + 1 = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos + 1)
∧ lneighbors = leftneighbors(x, xpos + 1 - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos + 1 - 1))
∧ # x + 1 - xpos + 1 < # x + 1 - xpos030stack2 = [] ↔ xpos0 = 1, leftneighbor(x, xpos0 - 1) = first-lower(stack1, x, x[xpos0 - 1]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
x[stack1.head - 1] < x[xpos0 - 1], bounded(stack2, 1, xpos0), bounded(stack1, 1, xpos0), ordered>(stack2), ordered>(stack1),
valid-stack(stack2, x), valid-stack(stack1, x), stack1.head ≤ # x, xpos0 ≤ # x + 1, xpos0 ≤ # x, 1 ≤ xpos0, 1 ≤ # x,
xpos0 ≠ 1 → stack2.head = xpos0 - 1
⊦ valid-stack(xpos0 ' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos0 - 1) ∧ bounded(stack1, 1, xpos0 + 1) ∧ ordered>(xpos0 ' + stack1)
Used simplifier rules:
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
leftneighbors-rec: ⊦ leftneighbors(x, n + 1) = leftneighbors(x, n) + leftneighbor(x, n);
one-based-lookup: ⊦ x[n]! = x[n -1];
⊦ # x = 0 ↔ x = []; (s)
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ m ≤ m + n; (s)
let: ⊦ n ≤ n0 ∧ n0 ≤ n1 → n ≤ n1; (forward) from specification nat
⊦ m < 1 ↔ m = 0; (s)
⊦ m ≤ n ↔ ¬ n < m; (ss)
⊦ n -1 = n - 1; (s)
⊦ ¬ a < a; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
⊦ n ≤ n0 → (m + (n0 - n)) + n = m + n0; (s)
n0 ≤ n ⊦ n - n0 < m ↔ n < m + n0; (s)
⊦ m ≤ n → (n < m ↔ false); (s)
⊦ n ≤ m → m + n0 - n = (m - n) + n0; (s)
⊦ m + n - n + n1 = m - n1; (s)
n ≤ m ⊦ (m - n) + n0 = n1 ↔ m + n0 = n + n1; (s)
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ (a ' + x).head = a; (s)
⊦ a + x = a ' + x; (s)
⊦ a ' + x ≠ []; (s)
⊦ a ' = b ' ↔ a = b; (s)
⊦ # x = # z → (x + y = z + y0 ↔ x = z ∧ y = y0); (ws)
⊦ x + a = x + a '; (s)
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ n ≤ n0 ∧ n1 ≤ m → n + n1 ≤ n0 + m; (s)
⊦ m + 1 ≠ 0; (s)
⊦ 0 < m ↔ m ≠ 0; (s)30stepHeuristic elimination applied rule apply elim lemmastack2 = [] ↔ xpos0 = 1, leftneighbor(x, xpos0 - 1) = first-lower(stack1, x, x[xpos0 - 1]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
x[stack1.head - 1] < x[xpos0 - 1], bounded(stack2, 1, xpos0), bounded(stack1, 1, xpos0), ordered>(stack2), ordered>(stack1),
valid-stack(stack2, x), valid-stack(stack1, x), stack1.head ≤ # x, xpos0 ≤ # x + 1, xpos0 ≤ # x, 1 ≤ xpos0, 1 ≤ # x,
xpos0 ≠ 1 → stack2.head = xpos0 - 1
⊦ valid-stack(xpos0 ' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos0 - 1) ∧ bounded(stack1, 1, xpos0 + 1) ∧ ordered>(xpos0 ' + stack1)31stack2 = [] ↔ xpos0 = 1, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), xpos0 = xpos + 1, stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
x[stack1.head - 1] < x[xpos], bounded(stack1, 1, xpos0), bounded(stack2, 1, xpos0), ordered>(stack1), ordered>(stack2),
valid-stack(stack1, x), valid-stack(stack2, x), 1 ≤ # x, 1 ≤ xpos0, xpos0 ≤ # x, xpos0 ≤ # x + 1, stack1.head ≤ # x,
xpos0 ≠ 1 → stack2.head = xpos
⊦ valid-stack(xpos0 ' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos) ∧ bounded(stack1, 1, xpos0 + 1) ∧ ordered>(xpos0 ' + stack1)
spec: nat, name:elim-pred-c, seq:n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1,
subst:[n, m] → [xpos0, xpos]Used simplifier rules:
n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1; (elim)
Used terms: xpos0, m31stepHeuristic simplifier applied rule simplifierstack2 = [] ↔ xpos0 = 1, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), xpos0 = xpos + 1, stack1.head ≠ 0, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
x[stack1.head - 1] < x[xpos], bounded(stack1, 1, xpos0), bounded(stack2, 1, xpos0), ordered>(stack1), ordered>(stack2),
valid-stack(stack1, x), valid-stack(stack2, x), 1 ≤ # x, 1 ≤ xpos0, xpos0 ≤ # x, xpos0 ≤ # x + 1, stack1.head ≤ # x,
xpos0 ≠ 1 → stack2.head = xpos
⊦ valid-stack(xpos0 ' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos) ∧ bounded(stack1, 1, xpos0 + 1) ∧ ordered>(xpos0 ' + stack1)32stack2 = [] ↔ xpos = 0, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], x[stack1.head - 1] < x[xpos],
xpos < # x, bounded(stack2, 1, xpos + 1), bounded(stack1, 1, xpos + 1), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x),
valid-stack(stack1, x), 1 ≤ # x, stack1.head ≤ # x, xpos ≠ 0 → stack2.head = xpos
⊦ valid-stack((xpos + 1)' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos) ∧ bounded(stack1, 1, 2 + xpos) ∧ ordered>((xpos + 1)' + stack1)
Used simplifier rules:
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
⊦ 1 = m + 1 ↔ m = 0; (s)
⊦ m < n → m ≤ n; (s)
⊦ m ≤ m + n; (s)
⊦ m + 1 ≤ n ↔ m < n; (s)
⊦ m + n ≤ m + n0 ↔ n ≤ n0; (s)
⊦ m + 1 ≠ 0; (s)32stepHeuristic elimination applied rule apply elim lemmastack2 = [] ↔ xpos = 0, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), stack1.head ≠ 0, stack1 ≠ [], x ≠ [], x[stack1.head - 1] < x[xpos],
xpos < # x, bounded(stack2, 1, xpos + 1), bounded(stack1, 1, xpos + 1), ordered>(stack2), ordered>(stack1), valid-stack(stack2, x),
valid-stack(stack1, x), 1 ≤ # x, stack1.head ≤ # x, xpos ≠ 0 → stack2.head = xpos
⊦ valid-stack((xpos + 1)' + stack1, x) ∧ stack1.head = leftneighbor(x, xpos) ∧ bounded(stack1, 1, 2 + xpos) ∧ ordered>((xpos + 1)' + stack1)33stack2 = [] ↔ xpos = 0, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), stack1 = xpos0 + stack, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
xpos < # x, x[xpos0 - 1] < x[xpos], bounded(stack1, 1, xpos + 1), bounded(stack2, 1, xpos + 1), ordered>(stack1), ordered>(stack2),
valid-stack(stack1, x), valid-stack(stack2, x), xpos0 ≤ # x, 1 ≤ # x, xpos ≠ 0 → stack2.head = xpos
⊦ valid-stack((xpos + 1)' + stack1, x) ∧ xpos0 = leftneighbor(x, xpos) ∧ bounded(stack1, 1, 2 + xpos) ∧ ordered>((xpos + 1)' + stack1)
spec: list-data[natlist], name:elim-1,
seq: ⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail),
subst:[x, head, tail] → [stack1, xpos0, stack]Used simplifier rules:
⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail); (elim)
Used terms: stack1, head, tail33stepHeuristic simplifier applied rule simplifierstack2 = [] ↔ xpos = 0, leftneighbor(x, xpos) = first-lower(stack1, x, x[xpos]), stack1 = xpos0 + stack, stack1 ≠ [], x ≠ [], xpos0 ≠ 0,
xpos < # x, x[xpos0 - 1] < x[xpos], bounded(stack1, 1, xpos + 1), bounded(stack2, 1, xpos + 1), ordered>(stack1), ordered>(stack2),
valid-stack(stack1, x), valid-stack(stack2, x), xpos0 ≤ # x, 1 ≤ # x, xpos ≠ 0 → stack2.head = xpos
⊦ valid-stack((xpos + 1)' + stack1, x) ∧ xpos0 = leftneighbor(x, xpos) ∧ bounded(stack1, 1, 2 + xpos) ∧ ordered>((xpos + 1)' + stack1)34# x ≠ 1, stack2.head ≠ 0, leftneighbor(x, stack2.head) ≠ 0, stack2 ≠ [], x ≠ [], leftneighbor(x, stack2.head) < # x,
stack2.head < # x, x[leftneighbor(x, stack2.head) - 1] < x[stack2.head], leftneighbor(x, stack2.head) < 2 + stack2.head,
bounded(stack, 1, stack2.head + 1), bounded(stack2, 1, stack2.head + 1), ordered>(leftneighbor(x, stack2.head) ' + stack), ordered>(stack2),
valid-stack(leftneighbor(x, stack2.head) ' + stack, x), valid-stack(stack2, x), 1 ≤ stack2.head, leftneighbor(x, stack2.head) ≤ stack2.head,
1 ≤ leftneighbor(x, stack2.head), ¬ bounded(stack, 1, 2 + stack2.head)
⊦
Used simplifier rules:
first-lower-rec: ⊦ first-lower(xpos ' + stack, x, a) = (x[xpos]! < a ⊃ xpos;first-lower(stack, x, a));
one-based-lookup: ⊦ x[n]! = x[n -1];
valid-stack-rec: ⊦ valid-stack(xpos1 ' + xpos0 ' + stack, x)
↔ 0 < xpos1 ∧ xpos1 ≤ # x ∧ leftneighbor(x, xpos1 - 1) = xpos0
∧ valid-stack(xpos0 ' + stack, x);
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
ordered-rec: ⊦ ordered>(n0 ' + n1 ' + stack) ↔ n1 < n0 ∧ ordered>(n1 ' + stack);
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
n < n0 ⊦ (* n) ≠ m0 + (* n0); (s)
⊦ 1 < m ↔ ¬(m = 0 ∨ m = 1); (s)
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
let: ⊦ n ≤ n0 ∧ n0 ≤ n1 → n ≤ n1; (forward) from specification nat
fle-01: ⊦ m ≤ n ∧ n < n0 → m < n0; (forward) from specification nat
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
⊦ # x = 0 ↔ x = []; (s)
⊦ m ≠ n → (m ≤ n ↔ m < n); (s)
lel: ⊦ a < b ∧ a = c → c < b; (forward) from specification oelem[natlist]
⊦ m + m0 ≤ m ↔ m0 = 0; (s)
⊦ m < n ↔ ¬ n ≤ m; (ss)
⊦ m < n → m ≤ n; (s)
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ m ≤ n → (n < m ↔ false); (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
⊦ a + x = a ' + x; (s)
⊦ n + 0 = n; (s)
⊦ n ≤ m → m + n0 - n = (m - n) + n0; (s)
⊦ m + 1 ≤ n ↔ m < n; (s)
⊦ m + 1 ≠ 0; (s)
⊦ 0 < m ↔ m ≠ 0; (s)
⊦ a ' + x ≠ []; (s)
⊦ n -1 = n - 1; (s)34stepHeuristic elimination applied rule apply elim lemma# x ≠ 1, stack2.head ≠ 0, leftneighbor(x, stack2.head) ≠ 0, stack2 ≠ [], x ≠ [], leftneighbor(x, stack2.head) < # x,
stack2.head < # x, x[leftneighbor(x, stack2.head) - 1] < x[stack2.head], leftneighbor(x, stack2.head) < 2 + stack2.head,
bounded(stack, 1, stack2.head + 1), bounded(stack2, 1, stack2.head + 1), ordered>(leftneighbor(x, stack2.head) ' + stack), ordered>(stack2),
valid-stack(leftneighbor(x, stack2.head) ' + stack, x), valid-stack(stack2, x), 1 ≤ stack2.head, leftneighbor(x, stack2.head) ≤ stack2.head,
1 ≤ leftneighbor(x, stack2.head), ¬ bounded(stack, 1, 2 + stack2.head)
⊦ 35stack2 = xpos + stack0, # x ≠ 1, leftneighbor(x, xpos) ≠ 0, stack2 ≠ [], x ≠ [], xpos ≠ 0, leftneighbor(x, xpos) < 2 + xpos,
x[leftneighbor(x, xpos) - 1] < x[xpos], xpos < # x, leftneighbor(x, xpos) < # x, bounded(stack2, 1, xpos + 1),
bounded(stack, 1, xpos + 1), ordered>(stack2), ordered>(leftneighbor(x, xpos) ' + stack), valid-stack(stack2, x),
valid-stack(leftneighbor(x, xpos) ' + stack, x), 1 ≤ leftneighbor(x, xpos), leftneighbor(x, xpos) ≤ xpos, 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦
spec: list-data[natlist], name:elim-1,
seq: ⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail),
subst:[x, head, tail] → [stack2, xpos, stack0]Used simplifier rules:
⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail); (elim)
Used terms: stack2, head, tail35stepHeuristic simplifier applied rule simplifierstack2 = xpos + stack0, # x ≠ 1, leftneighbor(x, xpos) ≠ 0, stack2 ≠ [], x ≠ [], xpos ≠ 0, leftneighbor(x, xpos) < 2 + xpos,
x[leftneighbor(x, xpos) - 1] < x[xpos], xpos < # x, leftneighbor(x, xpos) < # x, bounded(stack2, 1, xpos + 1),
bounded(stack, 1, xpos + 1), ordered>(stack2), ordered>(leftneighbor(x, xpos) ' + stack), valid-stack(stack2, x),
valid-stack(leftneighbor(x, xpos) ' + stack, x), 1 ≤ leftneighbor(x, xpos), leftneighbor(x, xpos) ≤ xpos, 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦ 36# x ≠ 1, leftneighbor(x, xpos) ≠ 0, x ≠ [], xpos ≠ 0, leftneighbor(x, xpos) < # x, leftneighbor(x, xpos) < 2 + xpos,
x[leftneighbor(x, xpos) - 1] < x[xpos], xpos < # x, bounded(stack0, 1, xpos + 1), bounded(stack, 1, xpos + 1), ordered>(xpos ' + stack0),
ordered>(leftneighbor(x, xpos) ' + stack), valid-stack(xpos ' + stack0, x), valid-stack(leftneighbor(x, xpos) ' + stack, x), 1 ≤ xpos,
1 ≤ leftneighbor(x, xpos), leftneighbor(x, xpos) ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦
Used simplifier rules:
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
n < n0 ⊦ (* n) ≠ m0 + (* n0); (s)
⊦ 1 < m ↔ ¬(m = 0 ∨ m = 1); (s)
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
fle-01: ⊦ m ≤ n ∧ n < n0 → m < n0; (forward) from specification nat
let: ⊦ n ≤ n0 ∧ n0 ≤ n1 → n ≤ n1; (forward) from specification nat
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ ¬ a < a; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
⊦ a + x = a ' + x; (s)
⊦ a ' + x ≠ []; (s)36stepHeuristic elimination applied rule apply elim lemma# x ≠ 1, leftneighbor(x, xpos) ≠ 0, x ≠ [], xpos ≠ 0, leftneighbor(x, xpos) < # x, leftneighbor(x, xpos) < 2 + xpos,
x[leftneighbor(x, xpos) - 1] < x[xpos], xpos < # x, bounded(stack0, 1, xpos + 1), bounded(stack, 1, xpos + 1), ordered>(xpos ' + stack0),
ordered>(leftneighbor(x, xpos) ' + stack), valid-stack(xpos ' + stack0, x), valid-stack(leftneighbor(x, xpos) ' + stack, x), 1 ≤ xpos,
1 ≤ leftneighbor(x, xpos), leftneighbor(x, xpos) ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦ 37leftneighbor(x, xpos) = xpos0 + 1, # x ≠ 1, leftneighbor(x, xpos) ≠ 0, x ≠ [], xpos ≠ 0, xpos < # x, x[xpos0] < x[xpos],
leftneighbor(x, xpos) < 2 + xpos, leftneighbor(x, xpos) < # x, bounded(stack, 1, xpos + 1), bounded(stack0, 1, xpos + 1),
ordered>(leftneighbor(x, xpos) ' + stack), ordered>(xpos ' + stack0), valid-stack(leftneighbor(x, xpos) ' + stack, x),
valid-stack(xpos ' + stack0, x), leftneighbor(x, xpos) ≤ xpos, 1 ≤ leftneighbor(x, xpos), 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦
spec: nat, name:elim-pred-c, seq:n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1,
subst:[n, m] → [leftneighbor(x, xpos), xpos0]Used simplifier rules:
n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1; (elim)
Used terms: leftneighbor(x, xpos), m37stepHeuristic simplifier applied rule simplifierleftneighbor(x, xpos) = xpos0 + 1, # x ≠ 1, leftneighbor(x, xpos) ≠ 0, x ≠ [], xpos ≠ 0, xpos < # x, x[xpos0] < x[xpos],
leftneighbor(x, xpos) < 2 + xpos, leftneighbor(x, xpos) < # x, bounded(stack, 1, xpos + 1), bounded(stack0, 1, xpos + 1),
ordered>(leftneighbor(x, xpos) ' + stack), ordered>(xpos ' + stack0), valid-stack(leftneighbor(x, xpos) ' + stack, x),
valid-stack(xpos ' + stack0, x), leftneighbor(x, xpos) ≤ xpos, 1 ≤ leftneighbor(x, xpos), 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦ 38leftneighbor(x, xpos) = xpos0 + 1, # x ≠ 1, x ≠ [], x[xpos0] < x[xpos], xpos < # x, xpos0 < xpos, xpos0 + 1 < # x,
xpos0 < # x, bounded(stack0, 1, xpos + 1), bounded(stack, 1, xpos + 1), ordered>(xpos ' + stack0), ordered>((xpos0 + 1)' + stack),
valid-stack(xpos ' + stack0, x), valid-stack((xpos0 + 1)' + stack, x), 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦
Used simplifier rules:
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ m + 1 ≤ n ↔ m < n; (s)
eqle-one: ⊦ m = n + 1 ∧ n < n0 → m ≤ n0; (forward) from specification nat
⊦ a < b → (b < a ↔ false); (ss)
⊦ m < n + 1 ↔ ¬ n < m; (s)
n < n0 ⊦ m + (* n) < m0 + (* n0) ↔ m < m0 + (n0 - n); (s)
⊦ m +1 = m + 1; (s)
lf: ⊦ m < n ∧ n < n0 → m +1 < n0; (forward) from specification nat-basic
transitivity: ⊦ a < b ∧ b < c → a < c; (forward) from specification oelem[natlist]
⊦ m ≤ m + n; (s)
⊦ m < n → n ≠ 0; (s)
⊦ m + 1 ≠ 0; (s)
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
fle-01: ⊦ m ≤ n ∧ n < n0 → m < n0; (forward) from specification nat
lel: ⊦ a < b ∧ a = c → c < b; (forward) from specification oelem[natlist]38stepUser applied rule apply lemmaleftneighbor(x, xpos) = xpos0 + 1, # x ≠ 1, x ≠ [], x[xpos0] < x[xpos], xpos < # x, xpos0 < xpos, xpos0 + 1 < # x,
xpos0 < # x, bounded(stack0, 1, xpos + 1), bounded(stack, 1, xpos + 1), ordered>(xpos ' + stack0), ordered>((xpos0 + 1)' + stack),
valid-stack(xpos ' + stack0, x), valid-stack((xpos0 + 1)' + stack, x), 1 ≤ xpos, ¬ bounded(stack, 1, 2 + xpos)
⊦ 39 ⊦ bounded(stack, n, m) → bounded(stack, n, m + 1)
spec: <toplevel>, name:bounded-succ,
seq: ⊦ bounded(stack, n, m) → bounded(stack, n, m + 1),
subst:[stack, n, m] → [stack, 1, xpos + 1]Used simplifier rules:
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
Used terms: stack, 1, xpos + 139lemmabounded-succ ⊦ bounded(stack, n, m) → bounded(stack, n, m + 1)40stepHeuristic symbolic execution applied rule throw rightleftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x),
xpos ≤ # x
⊦ ⟨throw ]!; if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1⟩
( ( xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos)
∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1))
∧ # x + 1 - xpos < # x + 1 - xpos0),
0 < stack.head ∧ stack.head ≤ # x41leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x),
xpos ≤ # x
⊦ 0 < stack.head ∧ stack.head ≤ # x
41stepHeuristic simplifier applied rule simplifierleftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack), valid-stack(stack, x),
xpos ≤ # x
⊦ 0 < stack.head ∧ stack.head ≤ # x42leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos - 1]), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x
Used simplifier rules:
one-based-lookup: ⊦ x[n]! = x[n -1];
⊦ 0 < m ↔ m ≠ 0; (s)
⊦ n -1 = n - 1; (s)42stepHeuristic elimination applied rule apply elim lemmaleftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos - 1]), stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x43leftneighbor(x, xpos0) = first-lower(stack, x, x[xpos0]), xpos = xpos0 + 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x
spec: nat, name:elim-pred-c, seq:n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1,
subst:[n, m] → [xpos, xpos0]Used simplifier rules:
n ≠ 0 ⊦ m = n - 1 ↔ n = m + 1; (elim)
Used terms: xpos, m43stepHeuristic simplifier applied rule simplifierleftneighbor(x, xpos0) = first-lower(stack, x, x[xpos0]), xpos = xpos0 + 1, stack ≠ [], xpos ≠ 0, bounded(stack, 1, xpos), ordered>(stack),
valid-stack(stack, x), xpos ≤ # x
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x44leftneighbor(x, xpos0) = first-lower(stack, x, x[xpos0]), stack ≠ [], x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1), ordered>(stack),
valid-stack(stack, x)
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x
Used simplifier rules:
⊦ # x = 0 ↔ x = []; (s)
f: ⊦ m < n → n ≠ 0; (forward) from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
⊦ m + 1 ≤ n ↔ m < n; (s)
⊦ m + 1 ≠ 0; (s)44stepHeuristic elimination applied rule apply elim lemmaleftneighbor(x, xpos0) = first-lower(stack, x, x[xpos0]), stack ≠ [], x ≠ [], xpos0 < # x, bounded(stack, 1, xpos0 + 1), ordered>(stack),
valid-stack(stack, x)
⊦ stack.head ≠ 0 ∧ stack.head ≤ # x
spec: list-data[natlist], name:elim-1,
seq: ⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail),
subst:[x, head, tail] → [stack, xpos, stack0]Used simplifier rules:
first-lower-rec: ⊦ first-lower(xpos ' + stack, x, a) = (x[xpos]! < a ⊃ xpos;first-lower(stack, x, a));
one-based-lookup: ⊦ x[n]! = x[n -1];
bounded-rec: ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1);
⊦ n -1 = n - 1; (s)
⊦ a ' + x ≠ []; (s)
⊦ a + x = a ' + x; (s)
⊦ m < n + 1 ↔ ¬ n < m; (s)
a: ⊦ (m + n0) + n1 = m + n0 + n1; from specification nat-basic
c: ⊦ m + n = n + m; from specification nat-basic
a: ⊦ (x + y) + z = x + y + z; from specification list[natlist]
⊦ m < n ↔ ¬ n ≤ m; (ss)
fle-01: ⊦ m ≤ n ∧ n < n0 → m < n0; (forward) from specification nat
not-zero: 0 < n ⊦ (* n) ≤ m → m ≠ 0; (forward) from specification nat
let: ⊦ n ≤ n0 ∧ n0 ≤ n1 → n ≤ n1; (forward) from specification nat
⊦ m < n → m ≤ n; (s)
⊦ x ≠ [] → (head = x.head ∧ tail = x.tail ↔ x = head + tail); (elim)
Used terms: stack, head, tail