< Module simple_imp:repeatWhile.
< Prove_Constraint simple_imp:host:proj_e_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_e_is.
Proof completed.
< Prove_Constraint simple_imp:host:proj_rf_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_rf_is.
Proof completed.
< Prove_Constraint simple_imp:host:proj_c_unique.
Variables: C2 Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : |{c}- repeatWhile Body Cond ~~> C2
============================
seq Body (while Cond Body) = C2
< case Hyp1.
Variables: Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
============================
seq Body (while Cond Body) = seq Body (while Cond Body)
< search.
Proof completed.
< Prove_Constraint simple_imp:host:proj_c_is.
Variables: Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : is_c (repeatWhile Body Cond)
============================
is_c (seq Body (while Cond Body))
< case Hyp1.
Variables: Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
H1 : is_c Body
H2 : is_e Cond
============================
is_c (seq Body (while Cond Body))
< search.
Proof completed.
< Prove_Constraint simple_imp:host:proj_recFields_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_recFields_is.
Proof completed.
< Prove_Constraint simple_imp:host:proj_ty_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_ty_is.
Proof completed.
< Prove_Constraint simple_imp:host:proj_value_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_value_is.
Proof completed.
< Prove simple_imp:host:vars_join,
simple_imp:host:vars_rf_join.
Proof completed.
< Prove simple_imp:host:vars_unique,
simple_imp:host:vars_rf_unique.
Proof completed.
< Prove_Constraint simple_imp:host:proj_e_vars_exist.
Proof completed.
< Prove_Constraint simple_imp:host:proj_e_vars.
Proof completed.
< Prove_Constraint simple_imp:host:proj_rf_vars_exist.
Proof completed.
< Prove_Constraint simple_imp:host:proj_rf_vars.
Proof completed.
< Prove simple_imp:host:vars_is,
simple_imp:host:vars_rf_is.
Proof completed.
< Prove simple_imp:host:vars_exist,
simple_imp:host:vars_rf_exist.
Proof completed.
< Prove simple_imp:host:typeOf_unique,
simple_imp:host:typeRecFields_unique.
Proof completed.
< Prove simple_imp:host:typeOK_unique.
Subgoal 8:
Variables: G1 G2 GB E Cond Body
IH : forall G C G1 G2, typeOK G C G1 * -> typeOK G C G2 -> G1 = G2
Ty1 : typeOK G1 (repeatWhile Body Cond) G1 @
Ty2 : typeOK G1 (repeatWhile Body Cond) G2
Ty3 : typeOK G1 Body GB *
Ty4 : typeOf G1 E boolTy
============================
G1 = G2
< case Ty2.
Subgoal 8:
Variables: G2 GB E Cond Body GB1 E1
IH : forall G C G1 G2, typeOK G C G1 * -> typeOK G C G2 -> G1 = G2
Ty1 : typeOK G2 (repeatWhile Body Cond) G2 @
Ty3 : typeOK G2 Body GB *
Ty4 : typeOf G2 E boolTy
H1 : typeOK G2 Body GB1
H2 : typeOf G2 E1 boolTy
============================
G2 = G2
< search.
Proof completed.
< Prove_Constraint simple_imp:host:proj_eval_e.
Proof completed.
< Prove simple_imp:host:eval_e_unique,
simple_imp:host:eval_rf_unique.
Proof completed.
< Prove simple_imp:host:update_rec_fields_unique.
Proof completed.
< Theorem repeatWhile_projEval :
forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 -> exists G2,
eval_c G (seq Body (while Cond Body)) G2.
============================
forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
< induction on 1.
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
============================
forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 @ -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
< intros Ev.
Variables: G Body Cond G1
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
Ev : eval_c G (repeatWhile Body Cond) G1 @
============================
exists G2, eval_c G (seq Body (while Cond Body)) G2
< Ev: case Ev (keep).
Subgoal 1:
Variables: G Body Cond G1 G2
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
Ev : eval_c G (repeatWhile Body Cond) G1 @
Ev1 : eval_c G Body G2 *
Ev2 : eval_e G2 Cond trueVal
Ev3 : eval_c G2 (repeatWhile Body Cond) G1 *
============================
exists G2, eval_c G (seq Body (while Cond Body)) G2
< EvSeq: apply IH to Ev3.
Subgoal 1:
Variables: G Body Cond G1 G2 G3
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
Ev : eval_c G (repeatWhile Body Cond) G1 @
Ev1 : eval_c G Body G2 *
Ev2 : eval_e G2 Cond trueVal
Ev3 : eval_c G2 (repeatWhile Body Cond) G1 *
EvSeq : eval_c G2 (seq Body (while Cond Body)) G3
============================
exists G2, eval_c G (seq Body (while Cond Body)) G2
< EvSeq: case EvSeq.
Subgoal 1:
Variables: G Body Cond G1 G2 G3 G4
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
Ev : eval_c G (repeatWhile Body Cond) G1 @
Ev1 : eval_c G Body G2 *
Ev2 : eval_e G2 Cond trueVal
Ev3 : eval_c G2 (repeatWhile Body Cond) G1 *
EvSeq : eval_c G2 Body G4
EvSeq1 : eval_c G4 (while Cond Body) G3
============================
exists G2, eval_c G (seq Body (while Cond Body)) G2
< search.
Subgoal 2:
Variables: G Body Cond G1
IH : forall G Body Cond G1,
eval_c G (repeatWhile Body Cond) G1 * -> exists G2,
eval_c G (seq Body (while Cond Body)) G2
Ev : eval_c G (repeatWhile Body Cond) G1 @
Ev1 : eval_c G Body G1 *
Ev2 : eval_e G1 Cond falseVal
============================
exists G2, eval_c G (seq Body (while Cond Body)) G2
< search.
Proof completed.
< Prove_Constraint simple_imp:host:proj_c_eval.
Variables: G G2 Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G2
============================
exists G', eval_c G (seq Body (while Cond Body)) G'
< apply repeatWhile_projEval to Hyp1.
Variables: G G2 Body Cond G1
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G2
H1 : eval_c G (seq Body (while Cond Body)) G1
============================
exists G', eval_c G (seq Body (while Cond Body)) G'
< search.
Proof completed.
< Add_Ext_Size simple_imp:host:eval_c.
Proof completed.
< Add_Proj_Rel simple_imp:host:eval_c.
Proof completed.
< Theorem RW_to_SW :
forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N.
============================
forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< induction on 1.
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
============================
forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N @ -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< intros EvalRep.
Variables: C B EG EG' N
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
EvalRep : <eval_c {ES}> EG (repeatWhile B C) EG' N @
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< Ev: case EvalRep.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< SubSeq: apply IH to Ev4.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N'
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq : <eval_c {ES}> G1 (seq B (while C B)) EG' N'
SubSeq1 : N' < N3
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< EvSub: case SubSeq.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< IsN8: apply ext_size_is_int_eval_c to EvSub1.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< IsN9: apply ext_size_is_int_eval_c to EvSub2.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< IsN': apply plus_integer_is_integer to _ _ EvSub.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< IsN5: apply ext_size_is_int_eval_c to Ev2.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< N5+N': apply plus_integer_total to IsN5 IsN'.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< exists N6.
Subgoal 1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
============================
<eval_c {ES}> EG (seq B (while C B)) EG' N6 /\ N6 < N
< split.
Subgoal 1.1:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
============================
<eval_c {ES}> EG (seq B (while C B)) EG' N6
< search.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
============================
N6 < N
< IsN6: apply ext_size_is_int_eval_c to Ev4.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
IsN6 : is_integer N3
============================
N6 < N
< IsN7: apply plus_integer_is_integer to _ _ Ev1.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
IsN6 : is_integer N3
IsN7 : is_integer N4
============================
N6 < N
< LN7N1: apply lt_plus_one to Ev _.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
IsN6 : is_integer N3
IsN7 : is_integer N4
LN7N1 : N4 < N
============================
N6 < N
< LN10N7: apply less_sums to N5+N' Ev1 _ _.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
IsN6 : is_integer N3
IsN7 : is_integer N4
LN7N1 : N4 < N
LN10N7 : N6 < N4
============================
N6 < N
< apply less_integer_transitive to LN10N7 LN7N1.
Subgoal 1.2:
Variables: C B EG EG' N N2 N3 N4 G1 N' N1 N5 G2 N6
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N4 = N
Ev1 : N2 + N3 = N4
Ev2 : <eval_c {ES}> EG B G1 N2 *
Ev3 : eval_e G1 C trueVal
Ev4 : <eval_c {ES}> G1 (repeatWhile B C) EG' N3 *
SubSeq1 : N' < N3
EvSub : N1 + N5 = N'
EvSub1 : <eval_c {ES}> G1 B G2 N1
EvSub2 : <eval_c {ES}> G2 (while C B) EG' N5
IsN8 : is_integer N1
IsN9 : is_integer N5
IsN' : is_integer N'
IsN5 : is_integer N2
N5+N' : N2 + N' = N6
IsN6 : is_integer N3
IsN7 : is_integer N4
LN7N1 : N4 < N
LN10N7 : N6 < N4
H1 : N6 < N
============================
N6 < N
< search.
Subgoal 2:
Variables: C B EG EG' N N2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N2 = N
Ev1 : <eval_c {ES}> EG B EG' N2 *
Ev2 : eval_e EG' C falseVal
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< IsN5: apply ext_size_is_int_eval_c to Ev1.
Subgoal 2:
Variables: C B EG EG' N N2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N2 = N
Ev1 : <eval_c {ES}> EG B EG' N2 *
Ev2 : eval_e EG' C falseVal
IsN5 : is_integer N2
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< LN5N1: apply lt_plus_one to Ev _.
Subgoal 2:
Variables: C B EG EG' N N2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N2 = N
Ev1 : <eval_c {ES}> EG B EG' N2 *
Ev2 : eval_e EG' C falseVal
IsN5 : is_integer N2
LN5N1 : N2 < N
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< N5+0: apply plus_integer_total to IsN5 _ with
N2 = 0.
Subgoal 2:
Variables: C B EG EG' N N2 N3
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N2 = N
Ev1 : <eval_c {ES}> EG B EG' N2 *
Ev2 : eval_e EG' C falseVal
IsN5 : is_integer N2
LN5N1 : N2 < N
N5+0 : N2 + 0 = N3
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< apply plus_zero_right to N5+0.
Subgoal 2:
Variables: C B EG EG' N N2
IH : forall C B EG EG' N,
<eval_c {ES}> EG (repeatWhile B C) EG' N * -> exists N',
<eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
Ev : 1 + N2 = N
Ev1 : <eval_c {ES}> EG B EG' N2 *
Ev2 : eval_e EG' C falseVal
IsN5 : is_integer N2
LN5N1 : N2 < N
N5+0 : N2 + 0 = N2
============================
exists N', <eval_c {ES}> EG (seq B (while C B)) EG' N' /\ N' < N
< search.
Proof completed.
< Prove_Ext_Ind simple_imp:host:eval_c.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
Acc : acc N @
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< Acc: case Acc.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< IsN2: apply ext_size_is_int_eval_c to R3.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< IsN3: apply ext_size_is_int_eval_c to R5.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< IsN4: apply plus_integer_is_integer to _ _ R2.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< PosN2: apply ext_size_pos_eval_c to R3.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< PosN3: apply ext_size_pos_eval_c to R5.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< LN4N: apply lt_plus_one to R1 _.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< LN2N: assert N2 < N.
Subgoal 10.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
============================
N2 < N
< OrN2: apply lt_left to R2 _ _.
Subgoal 10.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
OrN2 : N2 < N4 \/ N2 = N4
============================
N2 < N
< L: case OrN2.
Subgoal 10.1.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
L : N2 < N4
============================
N2 < N
< apply less_integer_transitive to L LN4N.
Subgoal 10.1.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
L : N2 < N4
H1 : N2 < N
============================
N2 < N
< search.
Subgoal 10.1.2:
Variables: N G G1 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N4 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N4 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N4
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N4
PosN3 : 0 <= N3
LN4N : N4 < N
============================
N4 < N
< search.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< LN3N: assert N3 < N.
Subgoal 10.2:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
============================
N3 < N
< OrN3: apply lt_right to R2 _ _ _.
Subgoal 10.2:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
OrN3 : N3 < N4 \/ N3 = N4
============================
N3 < N
< L: case OrN3.
Subgoal 10.2.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
L : N3 < N4
============================
N3 < N
< apply less_integer_transitive to L LN4N.
Subgoal 10.2.1:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
L : N3 < N4
H1 : N3 < N
============================
N3 < N
< search.
Subgoal 10.2.2:
Variables: N G G1 N2 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N4 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N4 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N4
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N4
LN4N : N4 < N
LN2N : N2 < N
============================
N4 < N
< search.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< AccN2: apply Acc to _ LN2N.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< AccN3: apply Acc to _ LN3N.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< EvalTBody: apply IH to R3 AccN2.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< EvalTRep: apply IH to R5 AccN3.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< Proj: assert |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body).
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< SW: apply RW_to_SW to R5.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N'
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< LN'N: apply less_integer_transitive to SW1 LN3N.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N'
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< L0N': apply ext_size_pos_eval_c to SW.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N'
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< AccN': apply Acc to _ LN'N.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N'
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
AccN' : acc N' *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< EvalTSeq: apply IH to SW AccN'.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N'
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
AccN' : acc N' *
EvalTSeq : <eval_c {P}> G2 (seq Body (while Cond Body)) G1
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< EvalTParts: case EvalTSeq.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N' G3
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
AccN' : acc N' *
EvalTParts : <eval_c {P}> G2 Body G3
EvalTParts1 : <eval_c {P}> G3 (while Cond Body) G1
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< unfold .
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N' G3
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
AccN' : acc N' *
EvalTParts : <eval_c {P}> G2 Body G3
EvalTParts1 : <eval_c {P}> G3 (while Cond Body) G1
============================
exists T G2,
(<eval_c {P}> G Body G2 /\
(eval_e G2 Cond trueVal /\ <eval_c {P}> G2 (repeatWhile Body Cond) G1)) /\
(|{c}- repeatWhile Body Cond ~~> T /\ <eval_c {P}> G T G1)
< exists seq Body (while Cond Body),
G2.
Subgoal 10:
Variables: N G G1 N2 N3 N4 G2 Cond Body N' G3
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N4 = N
R2 : N2 + N3 = N4
R3 : <eval_c {ES}> G Body G2 N2 **
R4 : eval_e G2 Cond trueVal
R5 : <eval_c {ES}> G2 (repeatWhile Body Cond) G1 N3 **
Acc : forall M, 0 <= M -> M < N -> acc M *
IsN2 : is_integer N2
IsN3 : is_integer N3
IsN4 : is_integer N4
PosN2 : 0 <= N2
PosN3 : 0 <= N3
LN4N : N4 < N
LN2N : N2 < N
LN3N : N3 < N
AccN2 : acc N2 *
AccN3 : acc N3 *
EvalTBody : <eval_c {P}> G Body G2
EvalTRep : <eval_c {P}> G2 (repeatWhile Body Cond) G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
SW : <eval_c {ES}> G2 (seq Body (while Cond Body)) G1 N'
SW1 : N' < N3
LN'N : N' < N
L0N' : 0 <= N'
AccN' : acc N' *
EvalTParts : <eval_c {P}> G2 Body G3
EvalTParts1 : <eval_c {P}> G3 (while Cond Body) G1
============================
(<eval_c {P}> G Body G2 /\
(eval_e G2 Cond trueVal /\ <eval_c {P}> G2 (repeatWhile Body Cond) G1)) /\
(|{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body) /\
<eval_c {P}> G (seq Body (while Cond Body)) G1)
< search.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
Acc : acc N @
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< Acc: case Acc.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< L0N2: apply ext_size_pos_eval_c to R2.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< IsN2: apply ext_size_is_int_eval_c to R2.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
IsN2 : is_integer N2
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< LN2N: apply lt_plus_one to R1 _.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
IsN2 : is_integer N2
LN2N : N2 < N
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< AccN2: apply Acc to _ LN2N.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
IsN2 : is_integer N2
LN2N : N2 < N
AccN2 : acc N2 *
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< EvalTBody: apply IH to R2 AccN2.
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
IsN2 : is_integer N2
LN2N : N2 < N
AccN2 : acc N2 *
EvalTBody : <eval_c {P}> G Body G1
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< Proj: assert |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body).
Subgoal 11:
Variables: N G G1 N2 Cond Body
IH : forall N G C G1, <eval_c {ES}> G C G1 N -> acc N * -> <eval_c {P}> G C G1
IH1 : forall N G C G1,
<eval_c {ES}> G C G1 N ** -> acc N @ -> <eval_c {P}> G C G1
R : <eval_c {ES}> G (repeatWhile Body Cond) G1 N @@
R1 : 1 + N2 = N
R2 : <eval_c {ES}> G Body G1 N2 **
R3 : eval_e G1 Cond falseVal
Acc : forall M, 0 <= M -> M < N -> acc M *
L0N2 : 0 <= N2
IsN2 : is_integer N2
LN2N : N2 < N
AccN2 : acc N2 *
EvalTBody : <eval_c {P}> G Body G1
Proj : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
============================
<eval_c {P}> G (repeatWhile Body Cond) G1
< search 3.
Proof completed.
< Prove simple_imp:host:eval_c_unique.
Subgoal 10:
Variables: G G1 G2 G3 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev2 : eval_c G (repeatWhile Body Cond) G2
Ev3 : eval_c G Body G3 *
Ev4 : eval_e G3 Cond trueVal
Ev5 : eval_c G3 (repeatWhile Body Cond) G1 *
============================
G1 = G2
< Ev2: case Ev2.
Subgoal 10.1:
Variables: G G1 G2 G3 Cond Body G4
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G3 *
Ev4 : eval_e G3 Cond trueVal
Ev5 : eval_c G3 (repeatWhile Body Cond) G1 *
Ev2 : eval_c G Body G4
Ev6 : eval_e G4 Cond trueVal
Ev7 : eval_c G4 (repeatWhile Body Cond) G2
============================
G1 = G2
< apply IH to Ev3 Ev2.
Subgoal 10.1:
Variables: G G1 G2 Cond Body G4
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G4 *
Ev4 : eval_e G4 Cond trueVal
Ev5 : eval_c G4 (repeatWhile Body Cond) G1 *
Ev2 : eval_c G Body G4
Ev6 : eval_e G4 Cond trueVal
Ev7 : eval_c G4 (repeatWhile Body Cond) G2
============================
G1 = G2
< apply IH to Ev5 Ev7.
Subgoal 10.1:
Variables: G G2 Cond Body G4
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G2 @
Ev3 : eval_c G Body G4 *
Ev4 : eval_e G4 Cond trueVal
Ev5 : eval_c G4 (repeatWhile Body Cond) G2 *
Ev2 : eval_c G Body G4
Ev6 : eval_e G4 Cond trueVal
Ev7 : eval_c G4 (repeatWhile Body Cond) G2
============================
G2 = G2
< search.
Subgoal 10.2:
Variables: G G1 G2 G3 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G3 *
Ev4 : eval_e G3 Cond trueVal
Ev5 : eval_c G3 (repeatWhile Body Cond) G1 *
Ev2 : eval_c G Body G2
Ev6 : eval_e G2 Cond falseVal
============================
G1 = G2
< apply IH to Ev3 Ev2.
Subgoal 10.2:
Variables: G G1 G2 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G2 *
Ev4 : eval_e G2 Cond trueVal
Ev5 : eval_c G2 (repeatWhile Body Cond) G1 *
Ev2 : eval_c G Body G2
Ev6 : eval_e G2 Cond falseVal
============================
G1 = G2
< apply eval_e_unique to Ev4 Ev6.
Subgoal 11:
Variables: G G1 G2 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev2 : eval_c G (repeatWhile Body Cond) G2
Ev3 : eval_c G Body G1 *
Ev4 : eval_e G1 Cond falseVal
============================
G1 = G2
< Ev2: case Ev2.
Subgoal 11.1:
Variables: G G1 G2 Cond Body G3
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G1 *
Ev4 : eval_e G1 Cond falseVal
Ev2 : eval_c G Body G3
Ev5 : eval_e G3 Cond trueVal
Ev6 : eval_c G3 (repeatWhile Body Cond) G2
============================
G1 = G2
< apply IH to Ev3 Ev2.
Subgoal 11.1:
Variables: G G2 Cond Body G3
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G3 @
Ev3 : eval_c G Body G3 *
Ev4 : eval_e G3 Cond falseVal
Ev2 : eval_c G Body G3
Ev5 : eval_e G3 Cond trueVal
Ev6 : eval_c G3 (repeatWhile Body Cond) G2
============================
G3 = G2
< apply eval_e_unique to Ev4 Ev5.
Subgoal 11.2:
Variables: G G1 G2 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G1 @
Ev3 : eval_c G Body G1 *
Ev4 : eval_e G1 Cond falseVal
Ev2 : eval_c G Body G2
Ev5 : eval_e G2 Cond falseVal
============================
G1 = G2
< apply IH to Ev3 Ev2.
Subgoal 11.2:
Variables: G G2 Cond Body
IH : forall G C G1 G2, eval_c G C G1 * -> eval_c G C G2 -> G1 = G2
Ev1 : eval_c G (repeatWhile Body Cond) G2 @
Ev3 : eval_c G Body G2 *
Ev4 : eval_e G2 Cond falseVal
Ev2 : eval_c G Body G2
Ev5 : eval_e G2 Cond falseVal
============================
G2 = G2
< search.
Proof completed.
< Theorem repeatWhile_projSame :
forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2.
============================
forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
< induction on 1.
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
============================
forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 @ -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
< intros EvRW EvSW.
Variables: G Body Cond G1 G2
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvSW : eval_c G (seq Body (while Cond Body)) G2
============================
G1 = G2
< EvRW: case EvRW (keep).
Subgoal 1:
Variables: G Body Cond G1 G2 G3
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvSW : eval_c G (seq Body (while Cond Body)) G2
EvRW1 : eval_c G Body G3 *
EvRW2 : eval_e G3 Cond trueVal
EvRW3 : eval_c G3 (repeatWhile Body Cond) G1 *
============================
G1 = G2
< EvSW: case EvSW.
Subgoal 1:
Variables: G Body Cond G1 G2 G3 G4
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G3 *
EvRW2 : eval_e G3 Cond trueVal
EvRW3 : eval_c G3 (repeatWhile Body Cond) G1 *
EvSW : eval_c G Body G4
EvSW1 : eval_c G4 (while Cond Body) G2
============================
G1 = G2
< apply eval_c_unique to EvRW1 EvSW.
Subgoal 1:
Variables: G Body Cond G1 G2 G4
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G4 *
EvRW2 : eval_e G4 Cond trueVal
EvRW3 : eval_c G4 (repeatWhile Body Cond) G1 *
EvSW : eval_c G Body G4
EvSW1 : eval_c G4 (while Cond Body) G2
============================
G1 = G2
< EvW': case EvSW1.
Subgoal 1.1:
Variables: G Body Cond G1 G2
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G2 *
EvRW2 : eval_e G2 Cond trueVal
EvRW3 : eval_c G2 (repeatWhile Body Cond) G1 *
EvSW : eval_c G Body G2
EvW' : eval_e G2 Cond falseVal
============================
G1 = G2
< apply eval_e_unique to EvRW2 EvW'.
Subgoal 1.2:
Variables: G Body Cond G1 G2 G4 G5
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G4 *
EvRW2 : eval_e G4 Cond trueVal
EvRW3 : eval_c G4 (repeatWhile Body Cond) G1 *
EvSW : eval_c G Body G4
EvW' : eval_e G4 Cond trueVal
EvW'1 : eval_c G4 Body G5
EvW'2 : eval_c G5 (while Cond Body) G2
============================
G1 = G2
< EvSeq: assert eval_c G4 (seq Body (while Cond Body)) G2.
Subgoal 1.2:
Variables: G Body Cond G1 G2 G4 G5
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G4 *
EvRW2 : eval_e G4 Cond trueVal
EvRW3 : eval_c G4 (repeatWhile Body Cond) G1 *
EvSW : eval_c G Body G4
EvW' : eval_e G4 Cond trueVal
EvW'1 : eval_c G4 Body G5
EvW'2 : eval_c G5 (while Cond Body) G2
EvSeq : eval_c G4 (seq Body (while Cond Body)) G2
============================
G1 = G2
< apply IH to EvRW3 EvSeq.
Subgoal 1.2:
Variables: G Body Cond G2 G4 G5
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G2 @
EvRW1 : eval_c G Body G4 *
EvRW2 : eval_e G4 Cond trueVal
EvRW3 : eval_c G4 (repeatWhile Body Cond) G2 *
EvSW : eval_c G Body G4
EvW' : eval_e G4 Cond trueVal
EvW'1 : eval_c G4 Body G5
EvW'2 : eval_c G5 (while Cond Body) G2
EvSeq : eval_c G4 (seq Body (while Cond Body)) G2
============================
G2 = G2
< search.
Subgoal 2:
Variables: G Body Cond G1 G2
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvSW : eval_c G (seq Body (while Cond Body)) G2
EvRW1 : eval_c G Body G1 *
EvRW2 : eval_e G1 Cond falseVal
============================
G1 = G2
< EvSW: case EvSW.
Subgoal 2:
Variables: G Body Cond G1 G2 G3
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G1 @
EvRW1 : eval_c G Body G1 *
EvRW2 : eval_e G1 Cond falseVal
EvSW : eval_c G Body G3
EvSW1 : eval_c G3 (while Cond Body) G2
============================
G1 = G2
< apply eval_c_unique to EvRW1 EvSW.
Subgoal 2:
Variables: G Body Cond G2 G3
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G3 @
EvRW1 : eval_c G Body G3 *
EvRW2 : eval_e G3 Cond falseVal
EvSW : eval_c G Body G3
EvSW1 : eval_c G3 (while Cond Body) G2
============================
G3 = G2
< EvW: case EvSW1.
Subgoal 2.1:
Variables: G Body Cond G2
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G2 @
EvRW1 : eval_c G Body G2 *
EvRW2 : eval_e G2 Cond falseVal
EvSW : eval_c G Body G2
EvW : eval_e G2 Cond falseVal
============================
G2 = G2
< search.
Subgoal 2.2:
Variables: G Body Cond G2 G3 G4
IH : forall G Body Cond G1 G2,
eval_c G (repeatWhile Body Cond) G1 * -> eval_c G (seq Body (while Cond Body)) G2 ->
G1 = G2
EvRW : eval_c G (repeatWhile Body Cond) G3 @
EvRW1 : eval_c G Body G3 *
EvRW2 : eval_e G3 Cond falseVal
EvSW : eval_c G Body G3
EvW : eval_e G3 Cond trueVal
EvW1 : eval_c G3 Body G4
EvW2 : eval_c G4 (while Cond Body) G2
============================
G3 = G2
< apply eval_e_unique to EvRW2 EvW.
Proof completed.
< Prove_Constraint simple_imp:host:proj_c_eval_results.
Variables: G G1 G2 X V Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G1
Hyp2 : eval_c G (seq Body (while Cond Body)) G2
Hyp3 : lookup G1 X V
============================
lookup G2 X V
< apply repeatWhile_projSame to Hyp1 Hyp2.
Variables: G G2 X V Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G2
Hyp2 : eval_c G (seq Body (while Cond Body)) G2
Hyp3 : lookup G2 X V
============================
lookup G2 X V
< search.
Proof completed.
< Prove_Constraint simple_imp:host:proj_c_eval_results_back.
Variables: G G1 G2 X V Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G1
Hyp2 : eval_c G (seq Body (while Cond Body)) G2
Hyp3 : lookup G2 X V
============================
lookup G1 X V
< apply repeatWhile_projSame to Hyp1 Hyp2.
Variables: G G2 X V Body Cond
Hyp : |{c}- repeatWhile Body Cond ~~> seq Body (while Cond Body)
Hyp1 : eval_c G (repeatWhile Body Cond) G2
Hyp2 : eval_c G (seq Body (while Cond Body)) G2
Hyp3 : lookup G2 X V
============================
lookup G2 X V
< search.
Proof completed.
< Prove simple_imp:host:vars_eval_same_result,
simple_imp:host:vars_equal_rf_same_result.
Proof completed.
