changroberts: act without 2 complicated postconditions

Author: belolourenco

examples/leaderElection/ChangRoberts.mlw

@@ -90,9 +90,9 @@ module ChangRoberts
 
   let ghost function act (w:world) (h:node) : world
     requires { act_enbld w h }
-    ensures  { inv w -> forall n :node. 0<=n<n_nodes -> n<>next h ->
-               forall m :msg. mem m result.inMsgs[n] -> mem m w.inMsgs[n] }
-    ensures  { forall m :msg. mem m result.inMsgs[next h] -> mem m w.inMsgs[h] \/ mem m w.inMsgs[next h] }
+    (* ensures  { inv w -> forall n :node. 0<=n<n_nodes -> n<>next h -> *)
+    (*            forall m :msg. mem m result.inMsgs[n] -> mem m w.inMsgs[n] } *)
+    (* ensures  { forall m :msg. mem m result.inMsgs[next h] -> mem m w.inMsgs[h] \/ mem m w.inMsgs[next h] } *)
 
     ensures  { inv w -> inv result }
     ensures  { inv w -> refn result = refn w

examples/leaderElection/ChangRoberts/why3session.xml

@@ -2,106 +2,117 @@
 <!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
 "https://www.why3.org/why3session.dtd">
 <why3session shape_version="6">
+<prover id="0" name="Alt-Ergo" version="2.5.3" timelimit="1" steplimit="0" memlimit="1000"/>
+<prover id="1" name="Eprover" version="2.6" timelimit="1" steplimit="0" memlimit="1000"/>
 <prover id="3" name="CVC5" version="1.0.3" timelimit="5" steplimit="0" memlimit="1000"/>
-<prover id="4" name="Alt-Ergo" version="2.4.2" timelimit="1" steplimit="0" memlimit="1000"/>
+<prover id="4" name="Alt-Ergo" version="2.4.2" timelimit="5" steplimit="0" memlimit="1000"/>
 <file format="whyml" proved="true">
 <path name=".."/><path name="ChangRoberts.mlw"/>
 <theory name="ChangRoberts" proved="true">
  <goal name="next&#39;vc" expl="VC for next" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.060000" steps="1012"/></proof>
+ <proof prover="4"><result status="valid" time="0.060000" steps="1012"/></proof>
  </goal>
  <goal name="pred&#39;vc" expl="VC for pred" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.030000" steps="1011"/></proof>
+ <proof prover="4"><result status="valid" time="0.030000" steps="1011"/></proof>
  </goal>
  <goal name="initWorld&#39;vc" expl="VC for initWorld" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.010000" steps="93"/></proof>
+ <proof prover="4"><result status="valid" time="0.010000" steps="93"/></proof>
  </goal>
  <goal name="act&#39;vc" expl="VC for act" proved="true">
  <transf name="unfold" proved="true" arg1="inv">
   <goal name="act&#39;vc.0" expl="VC for act" proved="true">
   <transf name="split_all_full" proved="true" >
    <goal name="act&#39;vc.0.0" expl="unreachable point" proved="true">
-   <proof prover="4"><result status="valid" time="0.010000" steps="58"/></proof>
+   <proof prover="4" timelimit="1"><result status="valid" time="0.010000" steps="58"/></proof>
    </goal>
    <goal name="act&#39;vc.0.1" expl="precondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.010000" steps="23"/></proof>
+   <proof prover="4" timelimit="1"><result status="valid" time="0.010000" steps="23"/></proof>
    </goal>
    <goal name="act&#39;vc.0.2" expl="precondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.010000" steps="23"/></proof>
+   <proof prover="4" timelimit="1"><result status="valid" time="0.010000" steps="23"/></proof>
    </goal>
    <goal name="act&#39;vc.0.3" expl="postcondition" proved="true">
-   <proof prover="3"><result status="valid" time="0.270000" steps="20891"/></proof>
+   <transf name="split_vc" proved="true" >
+    <goal name="act&#39;vc.0.3.0" expl="postcondition" proved="true">
+    <transf name="split_vc" proved="true" >
+     <goal name="act&#39;vc.0.3.0.0" expl="postcondition" proved="true">
+     <proof prover="3" timelimit="20"><result status="valid" time="0.538522" steps="68104"/></proof>
+     </goal>
+    </transf>
+    </goal>
+    <goal name="act&#39;vc.0.3.1" expl="postcondition" proved="true">
+    <transf name="split_vc" proved="true" >
+     <goal name="act&#39;vc.0.3.1.0" expl="postcondition" proved="true">
+     <proof prover="3" memlimit="2000"><result status="valid" time="0.301175" steps="42950"/></proof>
+     </goal>
+    </transf>
+    </goal>
+   </transf>
    </goal>
    <goal name="act&#39;vc.0.4" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.010000" steps="76"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.5" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.740736" steps="7080"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.6" expl="postcondition" proved="true">
    <transf name="split_vc" proved="true" >
-    <goal name="act&#39;vc.0.6.0" expl="postcondition" proved="true">
-    <proof prover="4"><result status="valid" time="0.090000" steps="1127"/></proof>
+    <goal name="act&#39;vc.0.4.0" expl="postcondition" proved="true">
+    <proof prover="0"><result status="valid" time="0.328621" steps="5026"/></proof>
     </goal>
    </transf>
    </goal>
-   <goal name="act&#39;vc.0.7" expl="postcondition" proved="true">
-   <proof prover="3"><result status="valid" time="0.280000" steps="21542"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.8" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.050000" steps="730"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.9" expl="postcondition" proved="true">
+   <goal name="act&#39;vc.0.5" expl="postcondition" proved="true">
    <transf name="split_vc" proved="true" >
-    <goal name="act&#39;vc.0.9.0" expl="postcondition" proved="true">
+    <goal name="act&#39;vc.0.5.0" expl="postcondition" proved="true">
     <transf name="split_vc" proved="true" >
-     <goal name="act&#39;vc.0.9.0.0" expl="postcondition" proved="true">
-     <proof prover="3" timelimit="20"><result status="valid" time="1.970432" steps="125188"/></proof>
+     <goal name="act&#39;vc.0.5.0.0" expl="postcondition" proved="true">
+     <proof prover="3" timelimit="30" memlimit="4000"><result status="valid" time="23.889676" steps="1449758"/></proof>
      </goal>
     </transf>
     </goal>
-    <goal name="act&#39;vc.0.9.1" expl="postcondition" proved="true">
+    <goal name="act&#39;vc.0.5.1" expl="postcondition" proved="true">
     <transf name="split_vc" proved="true" >
-     <goal name="act&#39;vc.0.9.1.0" expl="postcondition" proved="true">
-     <proof prover="3" memlimit="2000"><result status="valid" time="4.316190" steps="275770"/></proof>
+     <goal name="act&#39;vc.0.5.1.0" expl="postcondition" proved="true">
+     <transf name="inline_goal" proved="true" >
+      <goal name="act&#39;vc.0.5.1.0.0" expl="postcondition" proved="true">
+      <transf name="split_all_full" proved="true" >
+       <goal name="act&#39;vc.0.5.1.0.0.0" expl="postcondition" proved="true">
+       <proof prover="3" timelimit="1"><result status="valid" time="0.605309" steps="98620"/></proof>
+       </goal>
+      </transf>
+      </goal>
+     </transf>
      </goal>
     </transf>
     </goal>
    </transf>
    </goal>
-   <goal name="act&#39;vc.0.10" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.020000" steps="84"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.11" expl="postcondition" proved="true">
-   <proof prover="3"><result status="valid" time="0.260000" steps="21004"/></proof>
-   </goal>
-   <goal name="act&#39;vc.0.12" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.020000" steps="80"/></proof>
+   <goal name="act&#39;vc.0.6" expl="postcondition" proved="true">
+   <transf name="split_vc" proved="true" >
+    <goal name="act&#39;vc.0.6.0" expl="postcondition" proved="true">
+    <proof prover="4" timelimit="1"><result status="valid" time="0.090000" steps="71"/></proof>
+    </goal>
+   </transf>
    </goal>
-   <goal name="act&#39;vc.0.13" expl="postcondition" proved="true">
-   <proof prover="4" timelimit="5"><result status="valid" time="0.590000" steps="7094"/></proof>
+   <goal name="act&#39;vc.0.7" expl="postcondition" proved="true">
+   <proof prover="1"><result status="valid" time="0.529864"/></proof>
    </goal>
-   <goal name="act&#39;vc.0.14" expl="postcondition" proved="true">
-   <proof prover="4"><result status="valid" time="0.010000" steps="42"/></proof>
+   <goal name="act&#39;vc.0.8" expl="postcondition" proved="true">
+   <proof prover="4" timelimit="1"><result status="valid" time="0.010000" steps="38"/></proof>
    </goal>
   </transf>
   </goal>
  </transf>
  </goal>
  <goal name="Refinement.initWorldA&#39;refn&#39;vc" expl="VC for initWorldA&#39;refn" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.010000" steps="74"/></proof>
+ <proof prover="4"><result status="valid" time="0.010000" steps="74"/></proof>
  </goal>
  <goal name="Refinement.initWorldC&#39;refn&#39;vc" expl="VC for initWorldC&#39;refn" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="1.662458" steps="20280"/></proof>
+ <proof prover="4"><result status="valid" time="2.099651" steps="39223"/></proof>
  </goal>
  <goal name="Refinement.stepA&#39;refn&#39;vc" expl="VC for stepA&#39;refn" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.010000" steps="85"/></proof>
+ <proof prover="4"><result status="valid" time="0.010000" steps="85"/></proof>
  </goal>
  <goal name="Refinement.stepC&#39;refn&#39;vc" expl="VC for stepC&#39;refn" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.020000" steps="429"/></proof>
+ <proof prover="4"><result status="valid" time="0.020000" steps="439"/></proof>
  </goal>
  <goal name="uniqueLeader" proved="true">
- <proof prover="4" timelimit="5"><result status="valid" time="0.020000" steps="212"/></proof>
+ <proof prover="4"><result status="valid" time="0.020000" steps="211"/></proof>
  </goal>
 </theory>
 </file>