Home Intro Announce FAQ Docs Download Mail Status Bugs Users Related FM Tools

PVS Bug 999


Synopsis:        version 4 conflicts continued
Severity:        serious
Priority:        medium
Responsible:     owre (Sam Owre)
State:           open
Class:           sw-bug
Arrival-Date:    Mon Jun 25 01:45:00 2007
Originator:      Hesselink
Organization:    rug.nl
Release:         PVS 4.0
Environment: 
 System:          
 Architecture: 

Description: 
  This is a multi-part message in MIME format.
  --------------060408050603000603020500
  Content-Type: text/plain; charset=ISO-8859-1; format=flowed
  Content-Transfer-Encoding: 7bit
  
  Dear Sam,
  
  As you know, our system administrator installed pvs-4.0 with cmu-lisp. 
  My student Ikram Ullah installed it on its own system with allegro.  He 
  made the attached dumpfile dumpexec. When I try to undump it, I have all 
  kind of problems.
  
  Today, I discovered that I must not let it make a new PVSHOME since that 
  overwrites your patches for my cmu-lisp. OK.  So I did not. Now the dump 
  nicely undumps and the file sliding.pvs is reproved but for an 
  unprovable TCC and the proof of lemma: lqall_is_invariant.  I 
  concentrate on the lemma.  I can see why Ikram's proof fails. He used a 
  (new?) allegro feature that quotes can be omitted when referring to 
  lemmas. I therefore go to edit-proof and modify the proof buffer as 
  attached. I then ask to install the proof which seems to succeed. The 
  failure occurs upon the question whether or not to save the proof.
  
  Since in the mean time a student came in with other problems, I don't 
  precisely know how it went. Anyway, pvs has died. I attach the pvsbuffer 
  and its messages. I hope you can see what the matter is?
  
  Best regards,
  Wim
  
  -- 
                          Wim H. Hesselink  
  
   Dept. of Computing Science       /   phone +31 50 3633933
      University of Groningen      /       or +31 50 3633939
                  P.O.Box 800     /     fax   +31 50 3633800
            9700 AV Groningen    /      email: w.h.hesselink@rug.nl
              The Netherlands   /       http://www.cs.rug.nl/~wim
  
  
  --------------060408050603000603020500
  Content-Type: text/plain;
   name="dumpexec"
  Content-Transfer-Encoding: 7bit
  Content-Disposition: inline;
   filename="dumpexec"
  
  
  %% PVS Version 4.0 - Allegro CL Enterprise Edition 8.0 [Linux (x86)] (Nov 28,
  2006 16:50)
  %% 8.0 [Linux (x86)] (Nov 28, 2006 16:50)
  $$$PVSHOME/.pvs.lisp
  
  $$$sliding.pvs
  
  %% PVS Version 4.0 - Allegro CL Enterprise Edition 8.0 [Linux (x86)] (Nov 28,
  2006 16:50)
  %% 8.0 [Linux (x86)] (Nov 28, 2006 16:50)
  %%$$$PVSHOME/.pvs.lisp
  
  %%$$$sliding.pvs
  % 	To Prove
  
  %	do true ->
  %10:	TNS GOTO 11 OR 12	
  %
  %	var down := 0, j := 0
  %	
  %11:	in ack(k) ->
  %	if down < k -> down := k 
  %		       if j < k -> j := k fi
  %	[] else ->
  %	send mess(j, a[j])
  %	j++
  %	if j = down + W then j: = down fi
  %	ni
  %	
  % 	var comp := 0
  %
  %12:	in mess(k,x) ->
  %	if b[k] = undef ->
  %	b[k] := x
  %	if comp = k ->
  %  	  do b[comp] != undef -> comp ++ od
  %	  send ack(comp)
  %	fi
  %	[] k < comp -> send ack(comp)
  %	fi
  %	ni
  
  	
  	sliding: THEORY
  	BEGIN
  	 
  	 Item: TYPE 
           
  	 Mess :  TYPE = [# index:nat, item:Item #]
  	   
           ww: posnat 
  	 a: [nat -> Item]
  	 
  	
  	 receiveBuffer?(b:[nat->lift[Item]]):bool=
  		FORALL(k:nat):exists(j:nat):k<j AND bottom?(b(j))	
  			
    	 state: TYPE =[#
  	   jj:nat,
  	   comp,down:nat,
  	   acks: [nat-> nat],
  	   mess: [Mess->nat],
  	   b: (receiveBuffer?),
  	   rc: [nat->nat],
  	   ackrc:[nat->nat],
  	   ackCnt: [nat->nat],
             sendCnt: [nat->nat]
  	 #]
  	 
  	 x,y: VAR state
           i, j, lim, newlim: VAR nat
           f, g: VAR [nat->nat]
  
  	sumUpTo(f, (lim: nat)): RECURSIVE nat =
             IF lim = 0 THEN 0 ELSE sumUpTo(f, lim -1) + f(lim-1) ENDIF
             MEASURE lim
  
          message(i): Mess =
             (# index := i, item := a(i) #)
  
  	messInTrans(x):nat = 
  		sumUpTo(lambda (i:nat):x`mess(message(i)), x`down + ww)
  
  	ackInTrans(x):nat=
  		sumUpTo(x`acks, x`comp + 1)
  
  	receiveAck(x,y):bool=
  		(Exists(ack:nat):x`acks(ack) > 0 AND
  		 y = x WITH[`acks(ack) := x`acks (ack) - 1,
  			    `ackrc(ack) := 1+ x`ackrc(ack),
  			    `down := if x`down <ack 
  				    then ack else x`down endif,
  			    `jj := if x`down < ack AND x`jj < ack then ack else
  x`jj endif])
  
  	sendMessage(x,y):bool=
  		 y = x WITH [ `jj := if x`jj+1 >= x`down + ww
        			             then x`down else x`jj+1 endif,
  			     `sendCnt(x`jj) := 1+ x`sendCnt(x`jj),
  			     `mess((# index := x`jj, item := a(x`jj) #)) := 
                                1 + x`mess((# index := x`jj, item := a(x`jj) #)
 ) ]
  
  	firstbottom?(b:(receiveBuffer?),n:nat) :nat =
  		min({k:nat | k>=n+1 AND bottom?(b(k))})
  
  	recvMessage(x,y):bool=
  		(Exists (m:Mess):x`mess(m) > 0 AND
  		 if bottom?(x`b(m`index)) then
  		 y = x WITH [ `b(m`index) := up(m`item),		
 	       		
  			      `comp:= if x`comp = m`index then firstbottom?(x`b
 ,x`comp) else x`comp endif,
  			      `acks(firstbottom?(x`b,x`comp)) := 
                                   x`acks(firstbottom?(x`b,x`comp)) + IF x`comp
  = m`index THEN 1 ELSE 0 ENDIF ,
  			      `ackCnt(firstbottom?(x`b,x`comp)):= 
                                   if x`comp = m`index then 1+ x`ackCnt(firstbo
 ttom?(x`b,x`comp)) 
  				 else x`ackCnt(firstbottom?(x`b,x`comp)) endif,
  			      `rc(m`index) := 1+ x`rc(m`index),
  			      `mess(m) := x`mess(m)-1]
  		else if m`index < x`comp then
  		y = x WITH [`acks(x`comp) := x`acks(x`comp)+1,
  			    `ackCnt(x`comp) := 1+ x`ackCnt(x`comp),
  			    `mess(m) := x`mess(m)-1,
  			    `rc(m`index) := 1+ x`rc(m`index)]
  		else
  		y = x WITH [ `mess(m) := x`mess(m) - 1 ,
  			     `rc(m`index) := 1+ x`rc(m`index)]endif  endif)
  
  
  	looseMess(x,y):bool=
  		(Exists (m:Mess):x`mess(m) > 0 AND
  		 y = x WITH [ `mess(m) :=  x`mess(m)-1])
  
  	looseAck(x,y):bool=
  		(Exists (ack:nat):x`acks(ack) > 0 AND
  		y = x WITH[`acks(ack) := x`acks(ack)-1 ])
  
  	ma(x):nat = 
  		((2 * messInTrans(x)) + ackInTrans(x))
  	
  	aa: VAR [nat->Item]
  	
          step(x,y):bool=
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y) OR loos
 eMess(x,y) OR looseAck(x,y)
  
  
  	init   : state =
  		 (# comp := 0,
  		      jj := 0,
                        down :=0,
  		      rc := (Lambda (i:nat): 0),
  		      ackrc:=(Lambda (i:nat): 0),
  		      ackCnt:=(Lambda (i:nat): 0),
                        sendCnt:=(Lambda (i:nat): 0),
  		      acks:=(Lambda (i:nat): 0),
  		      mess:=(Lambda (m:Mess): 0),
  		      b :=(Lambda(n:nat):bottom)
  		 #) 
  	
  	 
  % Proof Obligations
  
  	
  	lq0(x): bool=
  	      (FORALL (i:nat): i < x`comp IMPLIES (x`b(i) = up(a(i))))
  	
  	
  	lq1(x):bool=
  	      (FORALL( m:Mess): x`mess(m)>0 IMPLIES (a(m`index) = m`item))
  	
  	lq2(x):bool=
  	       FORALL (i:nat): x`acks(i)>0 IMPLIES i <= x`comp
  
  	
  	lq3(x):bool=
  	       FORALL (i:nat): bottom?(x`b(i)) OR x`b(i) = up(a(i))
  		
  	lq4(x):bool=
  		x`down <= x`comp
  
  	lq5(x): bool =
          	FORALL (m: Mess): x`mess(m) > 0 IMPLIES m`index < x`down + ww
  
  	lq6(x): bool =
          	x`jj < x`down + ww
  
  
  	lq7(x): bool =
                  x`down <= x`jj
  
  
  	lqall (x): bool = 
  		lq0(x) AND lq1(x) AND lq2(x) AND lq3(x) AND lq4(x) 
                  AND lq5(x) AND lq6(x) AND lq7(x)
  
  % proof LEMMAS
  	
  	 add1Sum: LEMMA
            	(FORALL i: g(i)=f(i) + IF i=j THEN 1 ELSE 0 ENDIF)
  	         IMPLIES sumUpTo(g,lim) = sumUpTo(f, lim) + IF j < lim THEN 1 E
 LSE 0 ENDIF
  
  	newLim: LEMMA
  		lim <= newlim AND (FORALL i: lim <= i AND i< newlim IMPLIES f(i
 ) = 0) 
  		IMPLIES (sumUpTo(f, newlim) = sumUpTo(f,lim))
  
  	sendmsg_intrans: LEMMA
  		sendMessage(x,y) AND lqall(x)
                  IMPLIES messInTrans(y) = messInTrans(x)+1 AND
  					 ackInTrans(y) = ackInTrans(x)
  
  	recvmsg_intrans1: LEMMA
  	       recvMessage(x,y) AND lqall(x) IMPLIES messInTrans(y) = messInTra
 ns(x)-1
  
  	recvmsg_intrans2: LEMMA
         		recvMessage(x,y) AND lqall(x) IMPLIES ackInTrans(y) = a
 ckInTrans(x) OR
                      ackInTrans(y) = ackInTrans(x)+1
  
  	recvack_intrans: LEMMA
  		receiveAck(x,y) AND lqall(x) IMPLIES ackInTrans(y) = ackInTrans
 (x)-1
  
  	recvack_MessIntrans: LEMMA
  		receiveAck(x,y) AND lqall(x) IMPLIES messInTrans(y) = messInTra
 ns(x)
  
  	loosemsg_intrans: LEMMA
  		looseMess(x,y) AND lqall(x) IMPLIES messInTrans(y) = messInTran
 s(x)-1
  
  	looseack_intrans: LEMMA
  		looseAck(x,y) AND lqall(x) IMPLIES ackInTrans(y) = ackInTrans(x
 )-1
          
  	ma_step:LEMMA
  		step(x,y) AND NOT sendMessage(x,y) AND lqall(x) IMPLIES ma(y) <
  ma(x)
  
  	comp_acomps: LEMMA
  		(FORALL (i:nat):
  		 step(x,y) IMPLIES x`comp <= y`comp)
  
  
  	sendcnt_asends: LEMMA
  		(FORALL (i:nat):
  		 step(x,y) IMPLIES x`sendCnt(i) <= y`sendCnt(i))
  
  	ackcnt_aacks: LEMMA
  		(FORALL (i:nat):
  		 step(x,y) IMPLIES x`ackCnt(i) <= y`ackCnt(i))
  
  	rc_arcs: LEMMA
  		(FORALL (i:nat):
  		 step(x,y) IMPLIES x`rc(i) <= y`rc(i))
  
  	ackrc_aackrcs: LEMMA
  		(FORALL (i:nat):
  		 step(x,y) IMPLIES x`ackrc(i) <= y`ackrc(i))
  	
  	rc_val:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES x`rc(i) <= y`rc(i))
  
  	ackrc_val:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES x`ackrc(i) <= y`ackrc(i))
  
  	ackCnt_val:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES x`ackCnt(i) <= y`ackCnt(i))
  
  	sendCnt_val:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES x`sendCnt(i) <= y`sendCnt(i))
  
  	rc_y:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES y`rc(i) <= x`rc(i)+1)
  
  	ackrc_y:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES y`ackrc(i) <= x`ackrc(i)+1)
  
  	ackCnt_y:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES y`ackCnt(i) <= x`ackCnt(i)+1)
  
  	sendCnt_y:LEMMA
  		(FORALL(i:nat):step(x,y) IMPLIES y`sendCnt(i) <= x`sendCnt(i)+1
 )	
  		
  
  	lq0_list:LEMMA
  		lq0(x) AND step(x,y) IMPLIES lq0(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq0_recvAck:LEMMA
  		lq0(x) AND receiveAck(x,y) IMPLIES lq0(y)
  
  
  	lq0_recvMess:LEMMA
  		lq0(x) AND recvMessage(x,y) AND lq1(x) AND lq3(x) IMPLIES lq0(y
 )
  
  	lq0_sendMess:LEMMA
  		lq0(x) AND sendMessage(x,y) IMPLIES lq0(y)
  
  	lq0_kept_valid:LEMMA
  		lq0(x) AND step(x,y) AND lq1(x) AND lq3(x)  IMPLIES lq0(y)
  		
  
  	lq1_list:LEMMA
  		lq1(x) AND step(x,y) IMPLIES lq1(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq1_recvAck:LEMMA
  		lq1(x) AND receiveAck(x,y) IMPLIES lq1(y)
  
  	lq1_recvMess:LEMMA
  		lq1(x) AND recvMessage(x,y) IMPLIES lq1(y)
  
  	lq1_sendMess:LEMMA
  		lq1(x) AND sendMessage(x,y) IMPLIES lq1(y)
  
  	lq1_kept_valid:LEMMA
  		lq1(x) AND step(x,y) IMPLIES lq1(y)	
  
  
  	lq2_list:LEMMA
  		lq1(x) AND step(x,y) IMPLIES lq1(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq2_recvAck:LEMMA
  		lq2(x) AND receiveAck(x,y) IMPLIES lq2(y)
  
  	lq2_recvMess:LEMMA
  		lq2(x) AND recvMessage(x,y) IMPLIES lq2(y)
  
  	lq2_sendMess:LEMMA
  		lq2(x) AND sendMessage(x,y) IMPLIES lq2(y)
  
  	lq2_kept_valid:LEMMA
  		lq2(x) AND step(x,y) IMPLIES lq2(y)	
  
  	lq3_list:LEMMA
  		lq3(x) AND step(x,y) IMPLIES lq3(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq3_recvAck:LEMMA
  		lq3(x) AND receiveAck(x,y) IMPLIES lq3(y)
  
  
  	lq3_recvMess:LEMMA
  		lq3(x) AND recvMessage(x,y) AND lq1(x) IMPLIES lq3(y)
  
  
  	lq3_sendMess:LEMMA
  		lq3(x) AND sendMessage(x,y) IMPLIES lq3(y)
  
  	lq3_kept_valid:LEMMA
  		lq3(x) AND step(x,y) AND lq1(x) IMPLIES lq3(y)
  	
  
  	lq4_list:LEMMA
  		lq4(x) AND step(x,y) IMPLIES lq4(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq4_recvAck:LEMMA
  		lq4(x) AND receiveAck(x,y) AND lq2(x)  IMPLIES lq4(y)
  
  	lq4_recvMess:LEMMA
  		lq4(x) AND recvMessage(x,y) AND lq2(x) IMPLIES lq4(y)
  
  	lq4_sendMess:LEMMA
  		lq4(x) AND sendMessage(x,y) AND lq2(x)  IMPLIES lq4(y)
  
  	lq4_kept_valid:LEMMA
  		lq4(x) AND step(x,y) AND lq2(x) IMPLIES lq4(y)	
  
  	lq5_list:LEMMA
  		lq5(x) AND step(x,y) IMPLIES lq5(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  
  	lq5_recvAck:LEMMA
  		lq5(x) AND receiveAck(x,y) IMPLIES lq5(y)
  
  	lq5_recvMess:LEMMA
  		lq5(x) AND recvMessage(x,y) IMPLIES lq5(y)
  
  	lq5_sendMess:LEMMA
  		lq5(x) AND sendMessage(x,y) AND lq6(x) IMPLIES lq5(y)
  
  	lq5_kept_valid:LEMMA
  		lq5(x) AND step(x,y) AND lq6(x) IMPLIES lq5(y)	
  
  	lq6_list:LEMMA
  		lq6(x) AND step(x,y) IMPLIES lq6(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq6_recvAck:LEMMA
  		lq6(x) AND receiveAck(x,y) AND lq4(x) IMPLIES lq6(y)
  
  	lq6_recvMess:LEMMA
  		lq6(x) AND recvMessage(x,y) AND lq4(x) IMPLIES lq6(y)
  
  	lq6_sendMess:LEMMA
  		lq6(x) AND sendMessage(x,y) IMPLIES lq6(y)
  
  	lq6_kept_valid:LEMMA
  		lq6(x) AND step(x,y) AND lq4(x) IMPLIES lq6(y)	
  
  	lq7_list:LEMMA
  		lq7(x) AND step(x,y) IMPLIES lq7(y) OR 
  		receiveAck(x,y) OR sendMessage(x,y) OR recvMessage(x,y)
  	
  	lq7_recvAck:LEMMA
  		lq7(x) AND receiveAck(x,y) AND lq4(x) IMPLIES lq7(y)
  
  	lq7_recvMess:LEMMA
  		lq7(x) AND recvMessage(x,y) AND lq7(x) IMPLIES lq7(y)
  
  	lq7_sendMess:LEMMA
  		lq7(x) AND sendMessage(x,y) IMPLIES lq7(y)
  
  	lq7_kept_valid:LEMMA
  		lq7(x) AND step(x,y) AND lq4(x) IMPLIES lq7(y)
  
  	lqall_is_invariant: THEOREM 
        		lqall(x) AND step(x,y) IMPLIES lqall(y)   
  
  	lqall_holds_initially: THEOREM
        		lqall (init)
  		
  	End sliding
  
  $$$sliding.prf
  (sliding
   (a_TCC1 0
    (a_TCC1-1 nil 3391510762 3391516657
     ("" (existence-tcc) (("" (postpone) nil nil)) nil) unfinished nil
     217744 30 t nil))
   (sumUpTo_TCC1 0
    (sumUpTo_TCC1-1 nil 3390886427 3391516200 ("" (subtype-tcc) nil nil)
     proved
     ((boolean nonempty-type-decl nil booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (>= const-decl "bool" reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     42 40 t nil))
   (sumUpTo_TCC2 0
    (sumUpTo_TCC2-1 nil 3390886427 3391516200
     ("" (termination-tcc) nil nil) proved nil 12 10 t nil))
   (receiveAck_TCC1 0
    (receiveAck_TCC1-1 nil 3390886427 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((boolean nonempty-type-decl nil booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (>= const-decl "bool" reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     72 50 t nil))
   (firstbottom?_TCC1 0
    (firstbottom?_TCC1-1 nil 3389945536 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((boolean nonempty-type-decl nil booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil) (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (even_minus_odd_is_odd application-judgement "odd_int" integers
       nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (member const-decl "bool" sets nil)
      (empty? const-decl "bool" sets nil)
      (nonempty? const-decl "bool" sets nil))
     270 220 t nil))
   (recvMessage_TCC1 0
    (recvMessage_TCC1-1 nil 3390886427 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((int_minus_int_is_int application-judgement "int" integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     50 40 t nil))
   (recvMessage_TCC2 0
    (recvMessage_TCC2-1 nil 3390886427 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((int_minus_int_is_int application-judgement "int" integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     81 60 t nil))
   (recvMessage_TCC3 0
    (recvMessage_TCC3-1 nil 3390886427 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((int_minus_int_is_int application-judgement "int" integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     84 60 t nil))
   (looseMess_TCC1 0
    (looseMess_TCC1-1 nil 3390886427 3391516200
     ("" (subtype-tcc) nil nil) proved
     ((int_minus_int_is_int application-judgement "int" integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     61 30 t nil))
   (init_TCC1 0
    (init_TCC1-1 nil 3389945536 3391516332
     ("" (expand "receiveBuffer?")
      (("" (skosimp)
        (("" (assert) (("" (inst + "k!1+1") (("" (assert) nil nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((receiveBuffer? const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil))
     10160 80 t nil))
   (add1Sum 0
    (add1Sum-1 nil 3390887509 3391516201
     ("" (skosimp)
      (("" (lemma "nat_induction")
        ((""
          (inst -
           "(Lambda lim: sumUpTo(g!1, lim) = sumUpTo(f!1, lim) + IF j!1 < lim T
 HEN 1 ELSE 0 ENDIF)")
          (("" (split)
            (("1" (inst?) nil nil)
             ("2" (expand "sumUpTo") (("2" (propax) nil nil)) nil)
             ("3" (skosimp)
              (("3" (expand "sumUpTo" +)
                (("3" (assert) (("3" (grind) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((nat_induction formula-decl nil naturalnumbers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (< const-decl "bool" reals nil)
      (IF const-decl "[boolean, T, T -> T]" if_def nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (sumUpTo def-decl "nat" sliding nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (pred type-eq-decl nil defined_types nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil))
     847 750 t shostak))
   (newLim 0
    (newLim-1 nil 3391151985 3391516202
     ("" (induct "newlim")
      (("1" (skosimp) (("1" (assert) nil nil)) nil)
       ("2" (skosimp*)
        (("2" (inst -1 "f!1" "lim!1")
          (("2" (assert)
            (("2" (prop)
              (("1" (inst -3 "j!1") (("1" (grind) nil nil)) nil)
               ("2" (skosimp)
                (("2" (inst -4 "i!1") (("2" (assert) nil nil)) nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nat_induction formula-decl nil naturalnumbers nil)
      (sumUpTo def-decl "nat" sliding nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (< const-decl "bool" reals nil) (<= const-decl "bool" reals nil)
      (AND const-decl "[bool, bool -> bool]" booleans nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (pred type-eq-decl nil defined_types nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil))
     320 280 t shostak))
   (sendmsg_intrans 0
    (sendmsg_intrans-5 nil 3391512535 3391516208
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (case "x!1`down + ww <= y!1`down + ww")
          (("1" (expand "lqall")
            (("1" (flatten)
              (("1" (hide -3 -4 -5 -6 -7)
                (("1" (expand "lq5")
                  (("1" (expand "messInTrans")
                    (("1"
                      (case "sumUpTo(LAMBDA (i: nat): x!1`mess(message(i)),x!1`
 down + ww)
                                             =  sumUpTo(LAMBDA (i: nat): x!1`me
 ss(message(i)),y!1`down + ww) AND ackInTrans(x!1) = ackInTrans(y!1)")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1"
                            (name "fy"
                                  "(LAMBDA (i: nat): y!1`mess(message(i)))")
                            (("1"
                              (name "fx"
                                    "(LAMBDA (i: nat): x!1`mess(message(i)))")
                              (("1" (replace* -1 -2)
                                (("1"
                                  (use
                                   "add1Sum"
                                   ("f" "fx" "g" "fy" "j" "x!1`jj"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "lq6")
                                      (("1"
                                        (hide -2 -3 -8)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (hide 2)
                                              (("1"
                                                (expand "fy")
                                                (("1"
                                                  (expand "fx")
                                                  (("1"
                                                    (expand "message")
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (grind)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (assert)
                          (("2" (inst?)
                            (("2" (assert)
                              (("2" (prop)
                                (("1"
                                  (assert)
                                  (("1"
                                    (use "newLim")
                                    (("1"
                                      (assert)
                                      (("1" (grind) nil nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (use "newLim")
                                  (("2"
                                    (assert)
                                    (("2" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("3"
                                  (expand "ackInTrans")
                                  (("3"
                                    (assert)
                                    (("3" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("4"
                                  (expand "ackInTrans")
                                  (("4"
                                    (assert)
                                    (("4" (grind) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert)
            (("2" (hide 2)
              (("2" (expand "lqall")
                (("2" (flatten)
                  (("2" (expand "lq5")
                    (("2" (inst?)
                      (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (a const-decl "[nat -> Item]" sliding nil)
      (newLim formula-decl nil sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (fy skolem-const-decl "[nat -> nat]" sliding nil)
      (int_plus_int_is_int application-judgement "int" integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq7 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (fx skolem-const-decl "[nat -> nat]" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq6 const-decl "bool" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (ackInTrans const-decl "nat" sliding nil)
      (message const-decl "Mess" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (AND const-decl "[bool, bool -> bool]" booleans nil)
      (lq5 const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (<= const-decl "bool" reals nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (>= const-decl "bool" reals nil) (Item type-decl nil sliding nil)
      (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (nonneg_int nonempty-type-eq-decl nil integers nil)
      (> const-decl "bool" reals nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (ww const-decl "posnat" sliding nil))
     6082 5530 t nil)
    (sendmsg_intrans-4 nil 3391512497 nil
     (";;; Proof sendmsg_intrans-3 for formula sliding.sendmsg_intrans"
      (skosimp)
      ((";;; Proof sendmsg_intrans-3 for formula sliding.sendmsg_intrans"
        (expand "sendMessage")
        ((";;; Proof sendmsg_intrans-3 for formula sliding.sendmsg_intrans"
          (case "x!1`down + ww <= y!1`down + ww")
          (("1" (expand "lqall")
            (("1" (flatten)
              (("1" (hide -3 -4 -5 -6 -7)
                (("1" (expand "lq5")
                  (("1" (expand "messInTrans")
                    (("1"
                      (case "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i))
 ,x!1`down + ww)
                                             =  sumUpTo(LAMBDA (i: nat): x!1`me
 ss(message(x!1, i)),y!1`down + ww) AND ackInTrans(x!1) = ackInTrans(y!1)")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1"
                            (name "fy"
                                  "(LAMBDA (i: nat): y!1`mess(message(y!1, i)))
 ")
                            (("1"
                              (name "fx"
                                    "(LAMBDA (i: nat): x!1`mess(message(x!1, i)
 ))")
                              (("1" (replace* -1 -2)
                                (("1"
                                  (use
                                   "add1Sum"
                                   ("f" "fx" "g" "fy" "j" "x!1`jj"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "lq6")
                                      (("1"
                                        (hide -2 -3 -8)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (hide 2)
                                              (("1"
                                                (expand "fy")
                                                (("1"
                                                  (expand "fx")
                                                  (("1"
                                                    (expand "message")
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (grind)
                                                        nil))))))))))))))))))))
 )))))))))))))
                       ("2" (hide 2)
                        (("2" (assert)
                          (("2" (inst?)
                            (("2" (assert)
                              (("2" (prop)
                                (("1"
                                  (assert)
                                  (("1"
                                    (use "newLim")
                                    (("1"
                                      (assert)
                                      (("1" (grind) nil)))))))
                                 ("2"
                                  (use "newLim")
                                  (("2" (assert) (("2" (grind) nil)))))
                                 ("3"
                                  (expand "ackInTrans")
                                  (("3" (assert) (("3" (grind) nil)))))
                                 ("4"
                                  (expand "ackInTrans")
                                  (("4"
                                    (assert)
                                    (("4"
                                      (grind)
                                      nil)))))))))))))))))))))))))))
           ("2" (assert)
            (("2" (hide 2)
              (("2" (expand "lqall")
                (("2" (flatten)
                  (("2" (expand "lq5")
                    (("2" (inst?)
                      (("2" (assert)
                        (("2" (grind) nil))))))))))))))))))))
      ";;; developed with shostak decision procedures")
     unchecked nil nil nil nil nil)
    (sendmsg_intrans-3 nil 3391511509 3391511617
     (";;; Proof sendmsg_intrans-2 for formula sliding.sendmsg_intrans"
      (skosimp)
      ((";;; Proof sendmsg_intrans-2 for formula sliding.sendmsg_intrans"
        (expand "sendMessage")
        ((";;; Proof sendmsg_intrans-2 for formula sliding.sendmsg_intrans"
          (case "x!1`down + ww <= y!1`down + ww")
          (("1" (expand "lqall")
            (("1" (flatten)
              (("1" (hide -3 -4 -5 -6 -7)
                (("1" (expand "lq5")
                  (("1" (expand "messInTrans")
                    (("1"
                      (case "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i))
 ,x!1`down + ww)
                                    =  sumUpTo(LAMBDA (i: nat): x!1`mess(messag
 e(x!1, i)),y!1`down + ww) AND ackInTrans(x!1) = ackInTrans(y!1)")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1"
                            (name "fy"
                                  "(LAMBDA (i: nat): y!1`mess(message(y!1, i)))
 ")
                            (("1"
                              (name "fx"
                                    "(LAMBDA (i: nat): x!1`mess(message(x!1, i)
 ))")
                              (("1" (replace* -1 -2)
                                (("1"
                                  (use
                                   "add1Sum"
                                   ("f" "fx" "g" "fy" "j" "x!1`jj"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "lq6")
                                      (("1"
                                        (hide -2 -3 -8)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (hide 2)
                                              (("1"
                                                (expand "fy")
                                                (("1"
                                                  (expand "fx")
                                                  (("1"
                                                    (expand "message")
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (grind)
                                                        nil))))))))))))))))))))
 )))))))))))))
                       ("2" (hide 2)
                        (("2" (assert)
                          (("2" (inst?)
                            (("2" (assert)
                              (("2" (prop)
                                (("1"
                                  (assert)
                                  (("1"
                                    (use "newLim")
                                    (("1"
                                      (assert)
                                      (("1" (grind) nil)))))))
                                 ("2"
                                  (use "newLim")
                                  (("2" (assert) (("2" (grind) nil)))))
                                 ("3"
                                  (expand "ackInTrans")
                                  (("3" (assert) (("3" (grind) nil)))))
                                 ("4"
                                  (expand "ackInTrans")
                                  (("4"
                                    (assert)
                                    (("4"
                                      (grind)
                                      nil)))))))))))))))))))))))))))
           ("2" (assert)
            (("2" (hide 2)
              (("2" (expand "lqall")
                (("2" (flatten)
                  (("2" (expand "lq5")
                    (("2" (inst?)
                      (("2" (assert)
                        (("2" (grind) nil))))))))))))))))))))
      ";;; developed with shostak decision procedures")
     unfinished nil 54623 240 t nil)
    (sendmsg_intrans-2 nil 3391334120 3391511414
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
          (("1" (expand "lqall")
            (("1" (flatten)
              (("1" (hide -3 -4 -5 -6 -7)
                (("1" (expand "lq5")
                  (("1" (expand "messInTrans")
                    (("1"
                      (case "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i))
 ,x!1`down + x!1`ww)
                           =  sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i)
 ),y!1`down + y!1`ww) AND ackInTrans(x!1) = ackInTrans(y!1)")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1"
                            (name "fy"
                                  "(LAMBDA (i: nat): y!1`mess(message(y!1, i)))
 ")
                            (("1"
                              (name "fx"
                                    "(LAMBDA (i: nat): x!1`mess(message(x!1, i)
 ))")
                              (("1" (replace* -1 -2)
                                (("1"
                                  (use
                                   "add1Sum"
                                   ("f" "fx" "g" "fy" "j" "x!1`jj"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "lq6")
                                      (("1"
                                        (hide -2 -3 -8)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (hide 2)
                                              (("1"
                                                (expand "fy")
                                                (("1"
                                                  (expand "fx")
                                                  (("1"
                                                    (expand "message")
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (grind)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (assert)
                          (("2" (inst?)
                            (("2" (assert)
                              (("2" (prop)
                                (("1"
                                  (assert)
                                  (("1"
                                    (use "newLim")
                                    (("1"
                                      (assert)
                                      (("1" (grind) nil nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (use "newLim")
                                  (("2"
                                    (assert)
                                    (("2" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("3"
                                  (expand "ackInTrans")
                                  (("3"
                                    (assert)
                                    (("3" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("4"
                                  (expand "ackInTrans")
                                  (("4"
                                    (assert)
                                    (("4" (grind) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert)
            (("2" (hide 2)
              (("2" (expand "lqall")
                (("2" (flatten)
                  (("2" (expand "lq5")
                    (("2" (inst?)
                      (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished
     ((sendMessage const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (newLim formula-decl nil sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (lq6 const-decl "bool" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (ackInTrans const-decl "nat" sliding nil)
      (message const-decl "Mess" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (AND const-decl "[bool, bool -> bool]" booleans nil)
      (lq5 const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (<= const-decl "bool" reals nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (>= const-decl "bool" reals nil) (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (state type-eq-decl nil sliding nil))
     440115 270 t nil)
    (sendmsg_intrans-1 nil 3390733538 3391334080
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
          (("1" (expand "lqall")
            (("1" (flatten)
              (("1" (hide -3 -4 -5 -6 -7)
                (("1" (expand "lq5")
                  (("1" (expand "messInTrans")
                    (("1"
                      (case "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i))
 ,x!1`down + x!1`ww)
                  =  sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i)),y!1`dow
 n + y!1`ww) AND ackInTrans(x!1) = ackInTrans(y!1)")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1" (replace -1)
                            (("1" (hide -1 -2)
                              (("1"
                                (name "fy"
                                      "(LAMBDA (i_1: nat): y!1`mess(message(y!1
 , i_1)))")
                                (("1"
                                  (name
                                   "fx"
                                   "(LAMBDA (i: nat): x!1`mess(message(x!1, i))
 )")
                                  (("1"
                                    (replace* -2 -3)
                                    (("1"
                                      (use
                                       "add1Sum"
                                       ("f" "fy" "g" "fx" "j" "x!1`jj"))
                                      (("1"
                                        (expand "lq6")
                                        (("1"
                                          (assert)
                                          (("1" (postpone) nil nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (assert)
                          (("2" (inst?)
                            (("2" (assert)
                              (("2" (prop)
                                (("1"
                                  (assert)
                                  (("1"
                                    (use "newLim")
                                    (("1"
                                      (assert)
                                      (("1" (grind) nil nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (use "newLim")
                                  (("2"
                                    (assert)
                                    (("2" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("3"
                                  (expand "ackInTrans")
                                  (("3"
                                    (assert)
                                    (("3" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("4"
                                  (expand "ackInTrans")
                                  (("4"
                                    (assert)
                                    (("4" (grind) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert)
            (("2" (hide 2)
              (("2" (expand "lqall")
                (("2" (flatten)
                  (("2" (expand "lq5")
                    (("2" (inst?)
                      (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished nil 48217 5150 t shostak))
   (recvmsg_intrans1 0
    (recvmsg_intrans1-3 nil 3391512803 3391516216
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + ww")
                (("1" (case "m!1=message(mi)")
                  (("1"
                    (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x!1
 `mess(m)")
                    (("1" (case "x!1`down + ww <= y!1`down + ww")
                      (("1" (expand "lqall")
                        (("1" (flatten)
                          (("1" (hide -9 -10 -11 -12 -13)
                            (("1" (expand "messInTrans")
                              (("1"
                                (case "sumUpTo(LAMBDA (i: nat): x!1`mess(messag
 e(i)),x!1`down + ww)
                                                    =  sumUpTo(LAMBDA (i: nat):
  x!1`mess(message(i)),y!1`down + ww)")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(i
 )),
                                                                        y!1`dow
 n + ww) = 1 +   sumUpTo(LAMBDA (i: nat): y!1`mess(message(i)),
                                                                       y!1`down
  + ww)
                                                             ")
                                  (("1" (assert) nil nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (name
                                       "fy"
                                       "lambda (i:nat):x!1`mess(message(i))")
                                      (("2"
                                        (name
                                         "fx"
                                         "lambda (i:nat): y!1`mess(message(i))"
 )
                                        (("2"
                                          (replace* -1 -2)
                                          (("2"
                                            (use
                                             "add1Sum"
                                             ("j"
                                              "mi"
                                              "f"
                                              "fx"
                                              "g"
                                              "fy"
                                              "lim"
                                              "y!1`down+ww"))
                                            (("2"
                                              (assert)
                                              (("2"
                                                (skosimp)
                                                (("2"
                                                  (lift-if)
                                                  (("2"
                                                    (expand "fx")
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (case
                                                         "message(i!1)=message 
 (i!1)")
                                                        (("1"
                                                          (hide 2)
                                                          (("1"
                                                            (hide -12)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        (("1"
                                                                          (inst
 ?)
                                                                          (("1"
                                                                            (as
 sert)
                                                                            (("
 1"
                                                                              (
 grind)
                                                                              n
 il
                                                                              n
 il))
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil)
                                                         ("2"
                                                          (propax)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (hide 2)
                                  (("2"
                                    (inst?)
                                    (("2"
                                      (assert)
                                      (("2"
                                        (prop)
                                        (("2"
                                          (use "newLim")
                                          (("2"
                                            (assert)
                                            (("2"
                                              (expand "lq5")
                                              (("2" (grind) nil nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (expand "lqall")
                          (("2" (flatten)
                            (("2" (expand "lq5")
                              (("2" (inst -13 "m!1")
                                (("2" (grind) nil nil)) nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (hide 2)
                      (("2" (skosimp)
                        (("2" (assert) (("2" (grind) nil nil)) nil))
                        nil))
                      nil))
                    nil)
                   ("2" (hide -5)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq1")
                          (("2" (inst?)
                            (("2" (expand "message")
                              (("2" (assert)
                                (("2"
                                  (hide-all-but (-2 -6 1))
                                  (("2"
                                    (grind)
                                    (("2"
                                      (apply-extensionality :hide? t)
                                      nil
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (hide -4 2)
                  (("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (hide -4 -5 -6 -7 -8)
                        (("2" (expand "lq5")
                          (("2" (inst -4 "m!1") (("2" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide -3 2)
              (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (ww const-decl "posnat" sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (> const-decl "bool" reals nil)
      (nonneg_int nonempty-type-eq-decl nil integers nil)
      (< const-decl "bool" reals nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (/= const-decl "boolean" notequal nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (fx skolem-const-decl "[nat -> nat]" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (int_plus_int_is_int application-judgement "int" integers nil)
      (a const-decl "[nat -> Item]" sliding nil)
      (fy skolem-const-decl "[nat -> nat]" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (firstbottom? const-decl "nat" sliding nil)
      (newLim formula-decl nil sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (<= const-decl "bool" reals nil)
      (message const-decl "Mess" sliding nil))
     8400 7510 t nil)
    (recvmsg_intrans1-2 nil 3391512715 3391512747
     (";;; Proof recvmsg_intrans1-1 for formula sliding.recvmsg_intrans1"
      (skosimp)
      ((";;; Proof recvmsg_intrans1-1 for formula sliding.recvmsg_intrans1"
        (expand "recvMessage")
        ((";;; Proof recvmsg_intrans1-1 for formula sliding.recvmsg_intrans1"
          (skosimp)
          ((";;; Proof recvmsg_intrans1-1 for formula sliding.recvmsg_intrans1"
            (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + ww")
                (("1" (case "m!1=message(mi)")
                  (("1"
                    (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x!1
 `mess(m)")
                    (("1" (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
                      (("1" (expand "lqall")
                        (("1" (flatten)
                          (("1" (hide -9 -10 -11 -12 -13)
                            (("1" (expand "messInTrans")
                              (("1"
                                (case "sumUpTo(LAMBDA (i: nat): x!1`mess(messag
 e(i)),x!1`down + ww)
                                   =  sumUpTo(LAMBDA (i: nat): x!1`mess(message
 (i)),y!1`down + ww)")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(i
 )),
                                                     y!1`down + ww) = 1 +   sum
 UpTo(LAMBDA (i: nat): y!1`mess(message(i)),
                                                    y!1`down + ww)
                                          ")
                                  (("1" (assert) nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (name
                                       "fy"
                                       "lambda (i:nat):x!1`mess(message(i))")
                                      (("2"
                                        (name
                                         "fx"
                                         "lambda (i:nat): y!1`mess(message(i))"
 )
                                        (("2"
                                          (replace* -1 -2)
                                          (("2"
                                            (use
                                             "add1Sum"
                                             ("j"
                                              "mi"
                                              "f"
                                              "fx"
                                              "g"
                                              "fy"
                                              "lim"
                                              "y!1`down+ww"))
                                            (("2"
                                              (assert)
                                              (("2"
                                                (skosimp)
                                                (("2"
                                                  (lift-if)
                                                  (("2"
                                                    (expand "fx")
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (case
                                                         "message(i!1)=message 
 (i!1)")
                                                        (("1"
                                                          (hide 2)
                                                          (("1"
                                                            (hide -12)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        (("1"
                                                                          (inst
 ?)
                                                                          (("1"
                                                                            (as
 sert)
                                                                            (("
 1"
                                                                              (
 grind)
                                                                              n
 il)))))))))))))))))))))
                                                         ("2"
                                                          (hide-all-but
                                                           (-11 1))
                                                          (("2"
                                                            (assert)
                                                            (("2"
                                                              (expand
                                                               "message")
                                                              (("2"
                                                                (assert)
                                                                nil))))))))))))
 )))))))))))))))))))
                                 ("2"
                                  (hide 2)
                                  (("2"
                                    (inst?)
                                    (("2"
                                      (assert)
                                      (("2"
                                        (prop)
                                        (("2"
                                          (use "newLim")
                                          (("2"
                                            (assert)
                                            (("2"
                                              (expand "lq5")
                                              (("2"
                                                (grind)
                                                nil)))))))))))))))))))))))))
                       ("2" (hide 2)
                        (("2" (expand "lqall")
                          (("2" (flatten)
                            (("2" (expand "lq5")
                              (("2" (inst -13 "m!1")
                                (("2" (grind) nil)))))))))))))
                     ("2" (hide 2)
                      (("2" (skosimp)
                        (("2" (assert) (("2" (grind) nil)))))))))
                   ("2" (hide -5)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq1")
                          (("2" (inst?)
                            (("2" (expand "message")
                              (("2" (assert)
                                (("2"
                                  (hide-all-but (-2 -6 1))
                                  (("2"
                                    (grind)
                                    (("2"
                                      (apply-extensionality :hide? t)
                                      nil)))))))))))))))))))))
                 ("2" (hide -4 2)
                  (("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (hide -4 -5 -6 -7 -8)
                        (("2" (expand "lq5")
                          (("2" (inst -4 "m!1")
                            (("2" (assert) nil)))))))))))))))))
             ("2" (hide -3 2)
              (("2" (assert) (("2" (grind) nil))))))))))))
      ";;; developed with shostak decision procedures")
     unfinished nil 29331 190 t nil)
    (recvmsg_intrans1-1 nil 3390794717 3391510764
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + x!1`ww")
                (("1" (case "m!1=message(x!1, mi)")
                  (("1"
                    (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x!1
 `mess(m)")
                    (("1" (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
                      (("1" (expand "lqall")
                        (("1" (flatten)
                          (("1" (hide -9 -10 -11 -12 -13)
                            (("1" (expand "messInTrans")
                              (("1"
                                (case "sumUpTo(LAMBDA (i: nat): x!1`mess(messag
 e(x!1, i)),x!1`down + x!1`ww)
                  =  sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i)),y!1`dow
 n + y!1`ww)")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x
 !1, i)),
                                  y!1`down + y!1`ww) = 1 +   sumUpTo(LAMBDA (i:
  nat): y!1`mess(message(y!1, i)),
                                 y!1`down + y!1`ww)
                       ")
                                  (("1" (assert) nil nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (name
                                       "fy"
                                       "lambda (i:nat):x!1`mess(message(x!1,i))
 ")
                                      (("2"
                                        (name
                                         "fx"
                                         "lambda (i:nat): y!1`mess(message(y!1,
 i))")
                                        (("2"
                                          (replace* -1 -2)
                                          (("2"
                                            (use
                                             "add1Sum"
                                             ("j"
                                              "mi"
                                              "f"
                                              "fx"
                                              "g"
                                              "fy"
                                              "lim"
                                              "y!1`down+y!1`ww"))
                                            (("2"
                                              (assert)
                                              (("2"
                                                (skosimp)
                                                (("2"
                                                  (lift-if)
                                                  (("2"
                                                    (expand "fx")
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (case
                                                         "message(y!1, i!1)=mes
 sage (x!1,i!1)")
                                                        (("1"
                                                          (hide 2)
                                                          (("1"
                                                            (hide -12)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        (("1"
                                                                          (inst
 ?)
                                                                          (("1"
                                                                            (as
 sert)
                                                                            (("
 1"
                                                                              (
 grind)
                                                                              n
 il
                                                                              n
 il))
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil)
                                                         ("2"
                                                          (hide-all-but
                                                           (-11 1))
                                                          (("2"
                                                            (assert)
                                                            (("2"
                                                              (expand
                                                               "message")
                                                              (("2"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (hide 2)
                                  (("2"
                                    (inst?)
                                    (("2"
                                      (assert)
                                      (("2"
                                        (prop)
                                        (("2"
                                          (use "newLim")
                                          (("2"
                                            (assert)
                                            (("2"
                                              (expand "lq5")
                                              (("2" (grind) nil nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (expand "lqall")
                          (("2" (flatten)
                            (("2" (expand "lq5")
                              (("2" (inst -13 "m!1")
                                (("2" (grind) nil nil)) nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (hide 2)
                      (("2" (skosimp)
                        (("2" (assert) (("2" (grind) nil nil)) nil))
                        nil))
                      nil))
                    nil)
                   ("2" (hide -5)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq1")
                          (("2" (inst?)
                            (("2" (expand "message")
                              (("2" (assert)
                                (("2"
                                  (hide-all-but (-2 -6 1))
                                  (("2"
                                    (grind)
                                    (("2"
                                      (apply-extensionality :hide? t)
                                      nil
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (hide -4 2)
                  (("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (hide -4 -5 -6 -7 -8)
                        (("2" (expand "lq5")
                          (("2" (inst -4 "m!1") (("2" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide -3 2)
              (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     unfinished
     ((recvMessage const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (< const-decl "bool" reals nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (/= const-decl "boolean" notequal nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (firstbottom? const-decl "nat" sliding nil)
      (newLim formula-decl nil sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (<= const-decl "bool" reals nil)
      (message const-decl "Mess" sliding nil))
     117 90 t shostak))
   (recvmsg_intrans2 0
    (recvmsg_intrans2-2 nil 3391512928 3391516221
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (split)
            (("1" (prop)
              (("1" (expand "ackInTrans")
                (("1" (expand "lqall")
                  (("1" (flatten)
                    (("1" (hide -4 -5 -7 -8 -9 -10)
                      (("1" (assert)
                        (("1" (hide 1)
                          (("1" (lift-if)
                            (("1" (split)
                              (("1" (assert)
                                (("1"
                                  (prop)
                                  (("1"
                                    (use
                                     "add1Sum"
                                     ("f"
                                      "x!1`acks"
                                      "g"
                                      "y!1`acks"
                                      "j"
                                      "y!1`comp"))
                                    (("1"
                                      (assert)
                                      (("1"
                                        (prop)
                                        (("1"
                                          (use
                                           "newLim"
                                           ("lim"
                                            "1 + x!1`comp"
                                            "newlim"
                                            "1 + y!1`comp"
                                            "f"
                                            "x!1`acks"))
                                          (("1"
                                            (assert)
                                            (("1"
                                              (prop)
                                              (("1"
                                                (assert)
                                                (("1" (grind) nil nil))
                                                nil)
                                               ("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (expand "lq2")
                                                    (("2"
                                                      (inst -8 "i!1")
                                                      (("2"
                                                        (assert)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (hide 2)
                                          (("2"
                                            (assert)
                                            (("2"
                                              (skosimp)
                                              (("2"
                                                (expand "lq2")
                                                (("2"
                                                  (inst -5 "i!1")
                                                  (("2"
                                                    (assert)
                                                    (("2"
                                                      (ground)
                                                      (("1"
                                                        (grind)
                                                        nil
                                                        nil)
                                                       ("2"
                                                        (grind)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil)
                               ("2" (prop)
                                (("2"
                                  (assert)
                                  (("2"
                                    (reveal 1)
                                    (("2"
                                      (hide 3)
                                      (("2"
                                        (replace -1)
                                        (("2"
                                          (assert)
                                          (("2"
                                            (case
                                             "x!1`acks
                             WITH [(firstbottom?(x!1`b, x!1`comp))
                                     := x!1`acks(firstbottom?(x!1`b, x!1`comp))
 ]= x!1`acks")
                                            (("1"
                                              (assert)
                                              (("1"
                                                (replace -1)
                                                (("1" (propax) nil nil))
                                                nil))
                                              nil)
                                             ("2" (assert) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (prop)
              (("1" (assert)
                (("1" (assert)
                  (("1" (hide 2)
                    (("1" (expand "lqall")
                      (("1" (flatten)
                        (("1" (expand "lq2")
                          (("1" (expand "ackInTrans")
                            (("1" (assert)
                              (("1"
                                (use "add1Sum"
                                     ("f"
                                      "x!1`acks"
                                      "g"
                                      "y!1`acks"
                                      "j"
                                      "y!1`comp"))
                                (("1"
                                  (assert)
                                  (("1"
                                    (hide 2 3)
                                    (("1"
                                      (skosimp)
                                      (("1"
                                        (assert)
                                        (("1"
                                          (inst -6 "i!1")
                                          (("1"
                                            (replace -2)
                                            (("1"
                                              (assert)
                                              (("1"
                                                (assert)
                                                (("1" (grind) nil nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (assert)
                (("2" (expand "lqall")
                  (("2" (flatten)
                    (("2" (expand "lq3")
                      (("2" (expand "lq2")
                        (("2" (inst? -5)
                          (("2" (assert)
                            (("2" (inst? -6)
                              (("2" (assert) (("2" (grind) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (add1Sum formula-decl nil sliding nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil) (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq7 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (newLim formula-decl nil sliding nil)
      (lqall const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil))
     4693 3860 t nil)
    (recvmsg_intrans2-1 nil 3390795042 3391510769
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (split)
            (("1" (prop)
              (("1" (expand "ackInTrans")
                (("1" (expand "lqall")
                  (("1" (flatten)
                    (("1" (hide -4 -5 -7 -8 -9 -10)
                      (("1" (assert)
                        (("1" (hide 1)
                          (("1" (lift-if)
                            (("1" (split)
                              (("1" (assert)
                                (("1"
                                  (prop)
                                  (("1"
                                    (use
                                     "add1Sum"
                                     ("f"
                                      "x!1`acks"
                                      "g"
                                      "y!1`acks"
                                      "j"
                                      "y!1`comp"))
                                    (("1"
                                      (assert)
                                      (("1"
                                        (prop)
                                        (("1"
                                          (use
                                           "newLim"
                                           ("lim"
                                            "1 + x!1`comp"
                                            "newlim"
                                            "1 + y!1`comp"
                                            "f"
                                            "x!1`acks"))
                                          (("1"
                                            (assert)
                                            (("1"
                                              (prop)
                                              (("1"
                                                (assert)
                                                (("1" (grind) nil nil))
                                                nil)
                                               ("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (expand "lq2")
                                                    (("2"
                                                      (inst -8 "i!1")
                                                      (("2"
                                                        (assert)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (hide 2)
                                          (("2"
                                            (assert)
                                            (("2"
                                              (skosimp)
                                              (("2"
                                                (expand "lq2")
                                                (("2"
                                                  (inst -5 "i!1")
                                                  (("2"
                                                    (assert)
                                                    (("2"
                                                      (ground)
                                                      (("1"
                                                        (grind)
                                                        nil
                                                        nil)
                                                       ("2"
                                                        (grind)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil)
                               ("2" (prop)
                                (("2"
                                  (assert)
                                  (("2"
                                    (reveal 1)
                                    (("2"
                                      (hide 3)
                                      (("2"
                                        (replace -1)
                                        (("2"
                                          (assert)
                                          (("2"
                                            (case
                                             "x!1`acks
                  WITH [(firstbottom?(x!1`b, x!1`comp))
                          := x!1`acks(firstbottom?(x!1`b, x!1`comp))]= x!1`acks
 ")
                                            (("1"
                                              (assert)
                                              (("1"
                                                (replace -1)
                                                (("1" (propax) nil nil))
                                                nil))
                                              nil)
                                             ("2" (assert) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (prop)
              (("1" (assert)
                (("1" (assert)
                  (("1" (hide 2)
                    (("1" (expand "lqall")
                      (("1" (flatten)
                        (("1" (expand "lq2")
                          (("1" (expand "ackInTrans")
                            (("1" (assert)
                              (("1"
                                (use "add1Sum"
                                     ("f"
                                      "x!1`acks"
                                      "g"
                                      "y!1`acks"
                                      "j"
                                      "y!1`comp"))
                                (("1"
                                  (assert)
                                  (("1"
                                    (hide 2 3)
                                    (("1"
                                      (skosimp)
                                      (("1"
                                        (assert)
                                        (("1"
                                          (inst -6 "i!1")
                                          (("1"
                                            (replace -2)
                                            (("1"
                                              (assert)
                                              (("1"
                                                (assert)
                                                (("1" (grind) nil nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (assert)
                (("2" (expand "lqall")
                  (("2" (flatten)
                    (("2" (expand "lq3")
                      (("2" (expand "lq2")
                        (("2" (inst? -5)
                          (("2" (assert)
                            (("2" (inst? -6)
                              (("2" (assert) (("2" (grind) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (add1Sum formula-decl nil sliding nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil) (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq7 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (newLim formula-decl nil sliding nil)
      (lqall const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq0 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil))
     4297 3880 t shostak))
   (recvack_intrans 0
    (recvack_intrans-2 nil 3391513017 3391516223
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (case "y!1`acks(ack!1)+1 = x!1`acks(ack!1)")
            (("1" (case "x!1`down + ww <= y!1`down + ww")
              (("1" (assert)
                (("1" (expand "lqall")
                  (("1" (flatten)
                    (("1" (hide -5 -6 -9 -10)
                      (("1" (expand "lq2")
                        (("1" (inst -5 "ack!1")
                          (("1" (assert)
                            (("1" (expand "ackInTrans")
                              (("1" (assert)
                                (("1"
                                  (case "y!1`comp = x!1`comp")
                                  (("1"
                                    (replace -1)
                                    (("1"
                                      (use
                                       "add1Sum"
                                       ("f"
                                        "y!1`acks"
                                        "g"
                                        "x!1`acks"
                                        "j"
                                        "ack!1"))
                                      (("1"
                                        (assert)
                                        (("1"
                                          (hide 2)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (replace -5)
                                              (("1"
                                                (assert)
                                                (("1"
                                                  (ground)
                                                  (("1" (grind) nil nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (assert)
                                      (("2"
                                        (replace -4)
                                        (("2" (assert) nil nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (hide 2)
                (("2" (assert)
                  (("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (hide -4 -5 -6 -7 -8)
                        (("2" (expand "lq5")
                          (("2" (assert) (("2" (grind) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) (("2" (grind) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq5 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq2 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (lq3 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (<= const-decl "bool" reals nil)
      (nonneg_int nonempty-type-eq-decl nil integers nil)
      (> const-decl "bool" reals nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (ww const-decl "posnat" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil))
     1901 1690 t nil)
    (recvack_intrans-1 nil 3390734587 3391510769
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (case "y!1`acks(ack!1)+1 = x!1`acks(ack!1)")
            (("1" (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
              (("1" (assert)
                (("1" (expand "lqall")
                  (("1" (flatten)
                    (("1" (hide -5 -6 -9 -10)
                      (("1" (expand "lq2")
                        (("1" (inst -5 "ack!1")
                          (("1" (assert)
                            (("1" (expand "ackInTrans")
                              (("1" (assert)
                                (("1"
                                  (case "y!1`comp = x!1`comp")
                                  (("1"
                                    (replace -1)
                                    (("1"
                                      (use
                                       "add1Sum"
                                       ("f"
                                        "y!1`acks"
                                        "g"
                                        "x!1`acks"
                                        "j"
                                        "ack!1"))
                                      (("1"
                                        (assert)
                                        (("1"
                                          (hide 2)
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (replace -5)
                                              (("1"
                                                (assert)
                                                (("1"
                                                  (ground)
                                                  (("1" (grind) nil nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (assert)
                                      (("2"
                                        (replace -4)
                                        (("2" (assert) nil nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (hide 2)
                (("2" (assert)
                  (("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (hide -4 -5 -6 -7 -8)
                        (("2" (expand "lq5")
                          (("2" (assert) (("2" (grind) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) (("2" (grind) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished
     ((receiveAck const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq5 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq2 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (lq3 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (<= const-decl "bool" reals nil)
      (lq4 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil))
     94 70 t shostak))
   (recvack_MessIntrans 0
    (recvack_MessIntrans-3 nil 3391513061 3391516224
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (expand "messInTrans")
            (("" (name "fy" "LAMBDA (i: nat): y!1`mess(message(i))")
              (("" (name "fx" "LAMBDA (i: nat): x!1`mess(message(i))")
                (("" (replace* -1 -2)
                  ((""
                    (use "newLim"
                         ("lim" "x!1`down + ww" "newlim" "y!1`down + ww"
                          "f" "fx"))
                    (("" (assert)
                      (("" (case "fx=fy")
                        (("1" (assert)
                          (("1" (hide 2)
                            (("1" (prop)
                              (("1" (replace -5)
                                (("1"
                                  (assert)
                                  (("1"
                                    (lift-if)
                                    (("1"
                                      (split +)
                                      (("1"
                                        (prop)
                                        (("1" (assert) nil nil))
                                        nil)
                                       ("2"
                                        (prop)
                                        (("2" (assert) nil nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil)
                               ("2" (skosimp)
                                (("2"
                                  (expand "fx")
                                  (("2"
                                    (expand "message")
                                    (("2"
                                      (assert)
                                      (("2"
                                        (expand "lqall")
                                        (("2"
                                          (replace -7)
                                          (("2"
                                            (assert)
                                            (("2"
                                              (flatten)
                                              (("2"
                                                (expand "lq5")
                                                (("2"
                                                  (inst? -12)
                                                  (("2"
                                                    (assert)
                                                    nil
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (hide 2)
                          (("2" (assert)
                            (("2" (replace -5) (("2" (assert) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (newLim formula-decl nil sliding nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (nonneg_int nonempty-type-eq-decl nil integers nil)
      (> const-decl "bool" reals nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (ww const-decl "posnat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (a const-decl "[nat -> Item]" sliding nil)
      (fx skolem-const-decl "[nat -> nat]" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (Item type-decl nil sliding nil) (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (message const-decl "Mess" sliding nil))
     1016 790 t nil)
    (recvack_MessIntrans-2 nil 3391427266 3391510769
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (expand "messInTrans")
            (("" (name "fy" "LAMBDA (i: nat): y!1`mess(message(y!1, i))")
              ((""
                (name "fx" "LAMBDA (i: nat): x!1`mess(message(x!1, i))")
                (("" (replace* -1 -2)
                  (("" (use "add1Sum" ("f" "fy" "g" "fy"))
                    (("" (assert)
                      (("" (expand "lqall")
                        (("" (flatten)
                          (("" (prop)
                            (("1" (assert) (("1" (grind) nil nil)) nil)
                             ("2" (hide 2)
                              (("2" (skosimp)
                                (("2"
                                  (assert)
                                  (("2"
                                    (lift-if +)
                                    (("2"
                                      (split +)
                                      (("1"
                                        (assert)
                                        (("1" (postpone) nil nil))
                                        nil)
                                       ("2" (propax) nil nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished nil 67 40 t nil)
    (recvack_MessIntrans-1 nil 3391425711 3391427203
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (expand "messInTrans")
            (("" (name "fy" "LAMBDA (i: nat): y!1`mess(message(y!1, i))")
              ((""
                (name "fx" "LAMBDA (i: nat): x!1`mess(message(x!1, i))")
                (("" (replace* -1 -2)
                  (("" (use "add1Sum" ("f" "fy" "g" "fx"))
                    (("" (assert)
                      (("" (expand "lqall")
                        (("" (flatten)
                          (("" (prop)
                            (("1" (grind) nil nil)
                             ("2" (hide 2)
                              (("2" (skosimp)
                                (("2"
                                  (case "fx=fy")
                                  (("1"
                                    (replace -1 * rl)
                                    (("1"
                                      (assert)
                                      (("1" (postpone) nil nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (assert)
                                    (("2" (grind) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished nil 210245 2520 t shostak))
   (loosemsg_intrans 0
    (loosemsg_intrans-3 nil 3391513310 3391516227
     ("" (skosimp)
      (("" (expand "looseMess")
        (("" (skosimp)
          (("" (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + ww")
                (("1" (case "m!1=message( mi)")
                  (("1" (case "m!1=message( mi)")
                    (("1"
                      (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x
 !1`mess(m)")
                      (("1" (case "x!1`down + ww <= y!1`down + ww")
                        (("1" (expand "lqall")
                          (("1" (flatten)
                            (("1" (hide -10 -11 -12 -13 -14)
                              (("1" (expand "messInTrans")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(i
 )),x!1`down + ww)
                                                        =  sumUpTo(LAMBDA (i: n
 at): x!1`mess(message(i)),y!1`down + ww)")
                                  (("1"
                                    (case
                                     "sumUpTo(LAMBDA (i: nat): x!1`mess(message
 (i)),
                                                                            y!1
 `down + ww) = 1 +   sumUpTo(LAMBDA (i: nat): y!1`mess(message(i)),
                                                                           y!1`
 down + ww)
                                                                 ")
                                    (("1" (assert) nil nil)
                                     ("2"
                                      (hide 2)
                                      (("2"
                                        (name
                                         "fy"
                                         "lambda (i:nat):x!1`mess(message(i))")
                                        (("2"
                                          (name
                                           "fx"
                                           "lambda (i:nat): y!1`mess(message(i)
 )")
                                          (("2"
                                            (replace* -1 -2)
                                            (("2"
                                              (use
                                               "add1Sum"
                                               ("j"
                                                "mi"
                                                "f"
                                                "fx"
                                                "g"
                                                "fy"
                                                "lim"
                                                "y!1`down+ww"))
                                              (("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (lift-if)
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (expand "fx")
                                                        (("2"
                                                          (case
                                                           "message(i!1)=messag
 e (i!1)")
                                                          (("1"
                                                            (hide 2)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil)
                                                           ("2"
                                                            (propax)
                                                            nil
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (hide 2)
                                    (("2" (assert) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (hide 2) (("2" (assert) nil nil)) nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (skosimp) (("2" (assert) nil nil)) nil))
                        nil))
                      nil)
                     ("2" (propax) nil nil))
                    nil)
                   ("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (expand "lq1")
                        (("2" (inst?)
                          (("2" (expand "message")
                            (("2" (assert)
                              (("2" (grind)
                                (("1"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil)
                                 ("2"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil)
                                 ("3"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (hide 2)
                  (("2" (assert)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq5")
                          (("2" (inst -10 "m!1") (("2" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((looseMess const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (ww const-decl "posnat" sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (> const-decl "bool" reals nil)
      (nonneg_int nonempty-type-eq-decl nil integers nil)
      (< const-decl "bool" reals nil) (lq1 const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (int_plus_int_is_int application-judgement "int" integers nil)
      (minus_odd_is_odd application-judgement "odd_int" integers nil)
      (<= const-decl "bool" reals nil)
      (messInTrans const-decl "nat" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (fx skolem-const-decl "[nat -> nat]" sliding nil)
      (fy skolem-const-decl "[nat -> nat]" sliding nil)
      (add1Sum formula-decl nil sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (/= const-decl "boolean" notequal nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (message const-decl "Mess" sliding nil))
     3433 2990 t nil)
    (loosemsg_intrans-2 nil 3391513232 3391513251
     (";;; Proof loosemsg_intrans-1 for formula sliding.loosemsg_intrans"
      (skosimp)
      ((";;; Proof loosemsg_intrans-1 for formula sliding.loosemsg_intrans"
        (expand "looseMess")
        ((";;; Proof loosemsg_intrans-1 for formula sliding.loosemsg_intrans"
          (skosimp)
          ((";;; Proof loosemsg_intrans-1 for formula sliding.loosemsg_intrans"
            (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + ww")
                (("1" (case "m!1=message(x!1, mi)")
                  (("1" (case "m!1=message(x!1, mi)")
                    (("1"
                      (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x
 !1`mess(m)")
                      (("1" (case "x!1`down + ww <= y!1`down + ww")
                        (("1" (expand "lqall")
                          (("1" (flatten)
                            (("1" (hide -10 -11 -12 -13 -14)
                              (("1" (expand "messInTrans")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(i
 )),x!1`down + ww)
                                     =  sumUpTo(LAMBDA (i: nat): x!1`mess(messa
 ge(i)),y!1`down + ww)")
                                  (("1"
                                    (case
                                     "sumUpTo(LAMBDA (i: nat): x!1`mess(message
 (i)),
                                                       y!1`down + ww) = 1 +   s
 umUpTo(LAMBDA (i: nat): y!1`mess(message(i)),
                                                      y!1`down + ww)
                                            ")
                                    (("1" (assert) nil)
                                     ("2"
                                      (hide 2)
                                      (("2"
                                        (name
                                         "fy"
                                         "lambda (i:nat):x!1`mess(message(i))")
                                        (("2"
                                          (name
                                           "fx"
                                           "lambda (i:nat): y!1`mess(message(i)
 )")
                                          (("2"
                                            (replace* -1 -2)
                                            (("2"
                                              (use
                                               "add1Sum"
                                               ("j"
                                                "mi"
                                                "f"
                                                "fx"
                                                "g"
                                                "fy"
                                                "lim"
                                                "y!1`down+ww"))
                                              (("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (lift-if)
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (expand "fx")
                                                        (("2"
                                                          (case
                                                           "message(i!1)=messag
 e (i!1)")
                                                          (("1"
                                                            (hide 2)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        nil))))
 )))))))))
                                                           ("2"
                                                            (inst?)
                                                            (("2"
                                                              (expand
                                                               "message")
                                                              (("2"
                                                                (propax)
                                                                nil))))))))))))
 )))))))))))))))))
                                   ("2"
                                    (hide 2)
                                    (("2" (assert) nil)))))))))))))
                         ("2" (hide 2) (("2" (assert) nil)))))
                       ("2" (hide 2)
                        (("2" (skosimp) (("2" (assert) nil)))))))
                     ("2" (propax) nil)))
                   ("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (expand "lq1")
                        (("2" (inst?)
                          (("2" (expand "message")
                            (("2" (assert)
                              (("2" (grind)
                                (("1"
                                  (apply-extensionality :hide? t)
                                  nil)
                                 ("2"
                                  (apply-extensionality :hide? t)
                                  nil)
                                 ("3"
                                  (apply-extensionality :hide? t)
                                  nil)))))))))))))))))
                 ("2" (hide 2)
                  (("2" (assert)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq5")
                          (("2" (inst -10 "m!1")
                            (("2" (assert) nil)))))))))))))))))
             ("2" (hide 2) (("2" (assert) nil))))))))))
      ";;; developed with shostak decision procedures")
     unfinished nil 15374 110 t nil)
    (loosemsg_intrans-1 nil 3390734940 3391510769
     ("" (skosimp)
      (("" (expand "looseMess")
        (("" (skosimp)
          (("" (case "y!1`mess(m!1)+1 = x!1`mess(m!1)")
            (("1" (name "mi" "m!1`index")
              (("1" (case "mi < x!1`down + x!1`ww")
                (("1" (case "m!1=message(x!1, mi)")
                  (("1" (case "m!1=message(x!1, mi)")
                    (("1"
                      (case "forall (m: Mess): m /= m!1 IMPLIES y!1`mess(m) = x
 !1`mess(m)")
                      (("1"
                        (case "x!1`down + x!1`ww <= y!1`down + y!1`ww")
                        (("1" (expand "lqall")
                          (("1" (flatten)
                            (("1" (hide -10 -11 -12 -13 -14)
                              (("1" (expand "messInTrans")
                                (("1"
                                  (case
                                   "sumUpTo(LAMBDA (i: nat): x!1`mess(message(x
 !1, i)),x!1`down + x!1`ww)
                  =  sumUpTo(LAMBDA (i: nat): x!1`mess(message(x!1, i)),y!1`dow
 n + y!1`ww)")
                                  (("1"
                                    (case
                                     "sumUpTo(LAMBDA (i: nat): x!1`mess(message
 (x!1, i)),
                                  y!1`down + y!1`ww) = 1 +   sumUpTo(LAMBDA (i:
  nat): y!1`mess(message(y!1, i)),
                                 y!1`down + y!1`ww)
                       ")
                                    (("1" (assert) nil nil)
                                     ("2"
                                      (hide 2)
                                      (("2"
                                        (name
                                         "fy"
                                         "lambda (i:nat):x!1`mess(message(x!1,i
 ))")
                                        (("2"
                                          (name
                                           "fx"
                                           "lambda (i:nat): y!1`mess(message(y!
 1,i))")
                                          (("2"
                                            (replace* -1 -2)
                                            (("2"
                                              (use
                                               "add1Sum"
                                               ("j"
                                                "mi"
                                                "f"
                                                "fx"
                                                "g"
                                                "fy"
                                                "lim"
                                                "y!1`down+y!1`ww"))
                                              (("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (lift-if)
                                                    (("2"
                                                      (expand "fy")
                                                      (("2"
                                                        (expand "fx")
                                                        (("2"
                                                          (case
                                                           "message(y!1, i!1)=m
 essage (x!1,i!1)")
                                                          (("1"
                                                            (hide 2)
                                                            (("1"
                                                              (replace
                                                               -1)
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (prop)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (expand
                                                                       "message
 ")
                                                                      (("1"
                                                                        (assert
 )
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil)
                                                           ("2"
                                                            (inst?)
                                                            (("2"
                                                              (expand
                                                               "message")
                                                              (("2"
                                                                (propax)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (hide 2)
                                    (("2" (assert) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (hide 2) (("2" (assert) nil nil)) nil))
                        nil)
                       ("2" (hide 2)
                        (("2" (skosimp) (("2" (assert) nil nil)) nil))
                        nil))
                      nil)
                     ("2" (propax) nil nil))
                    nil)
                   ("2" (expand "lqall")
                    (("2" (flatten)
                      (("2" (expand "lq1")
                        (("2" (inst?)
                          (("2" (expand "message")
                            (("2" (assert)
                              (("2" (grind)
                                (("1"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil)
                                 ("2"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil)
                                 ("3"
                                  (apply-extensionality :hide? t)
                                  nil
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (hide 2)
                  (("2" (assert)
                    (("2" (expand "lqall")
                      (("2" (flatten)
                        (("2" (expand "lq5")
                          (("2" (inst -10 "m!1") (("2" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     unfinished
     ((looseMess const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (< const-decl "bool" reals nil) (lq1 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (minus_odd_is_odd application-judgement "odd_int" integers nil)
      (<= const-decl "bool" reals nil)
      (messInTrans const-decl "nat" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (add1Sum formula-decl nil sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (/= const-decl "boolean" notequal nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (message const-decl "Mess" sliding nil))
     81 60 t shostak))
   (looseack_intrans 0
    (looseack_intrans-2 nil 3391513360 3391516228
     ("" (skosimp)
      (("" (expand "looseAck")
        (("" (skosimp)
          (("" (case "y!1`acks(ack!1)+1 = x!1`acks(ack!1)")
            (("1" (expand "lqall")
              (("1" (flatten)
                (("1" (hide -4 -5 -7 -8 -9 -10)
                  (("1" (expand "lq2")
                    (("1" (inst -4 "ack!1")
                      (("1" (assert)
                        (("1" (expand "ackInTrans")
                          (("1" (case "y!1`comp = x!1`comp")
                            (("1" (replace -1)
                              (("1"
                                (use "add1Sum"
                                     ("f"
                                      "y!1`acks"
                                      "g"
                                      "x!1`acks"
                                      "j"
                                      "ack!1"))
                                (("1"
                                  (assert)
                                  (("1"
                                    (hide 2)
                                    (("1"
                                      (skosimp)
                                      (("1"
                                        (replace -4)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (ground)
                                            (("1" (grind) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil)
                             ("2" (replace -3) (("2" (assert) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((looseAck const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq2 const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (add1Sum formula-decl nil sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (lq7 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (ackInTrans const-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil))
     611 500 nil nil)
    (looseack_intrans-1 nil 3390735106 3391510770
     ("" (skosimp)
      (("" (expand "looseAck")
        (("" (skosimp)
          (("" (case "y!1`acks(ack!1)+1 = x!1`acks(ack!1)")
            (("1" (expand "lqall")
              (("1" (flatten)
                (("1" (hide -4 -5 -7 -8 -9 -10)
                  (("1" (expand "lq2")
                    (("1" (inst -4 "ack!1")
                      (("1" (assert)
                        (("1" (expand "ackInTrans")
                          (("1" (case "y!1`comp = x!1`comp")
                            (("1" (replace -1)
                              (("1"
                                (use "add1Sum"
                                     ("f"
                                      "y!1`acks"
                                      "g"
                                      "x!1`acks"
                                      "j"
                                      "ack!1"))
                                (("1"
                                  (assert)
                                  (("1"
                                    (hide 2)
                                    (("1"
                                      (skosimp)
                                      (("1"
                                        (replace -4)
                                        (("1"
                                          (assert)
                                          (("1"
                                            (ground)
                                            (("1" (grind) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil)
                             ("2" (replace -3) (("2" (assert) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (hide 2) (("2" (assert) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((looseAck const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq2 const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (add1Sum formula-decl nil sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (lq7 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (ackInTrans const-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil))
     569 480 t shostak))
   (ma_step 0
    (ma_step-2 nil 3391514436 3391516233
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (use "recvack_MessIntrans")
            (("1" (use "recvack_intrans")
              (("1" (assert)
                (("1" (expand "ma") (("1" (assert) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "ma")
            (("2" (use "recvmsg_intrans1")
              (("2" (use "recvmsg_intrans2")
                (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
              nil))
            nil)
           ("3" (use "loosemsg_intrans")
            (("3" (expand "ma")
              (("3" (assert)
                (("3" (expand "ackInTrans")
                  (("3" (expand "messInTrans")
                    (("3" (assert) (("3" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (use "looseack_intrans")
            (("4" (expand "ma")
              (("4" (expand "looseAck")
                (("4" (assert) (("4" (grind) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseack_intrans formula-decl nil sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (loosemsg_intrans formula-decl nil sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvmsg_intrans2 formula-decl nil sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (message const-decl "Mess" sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_plus_int_is_int application-judgement "int" integers nil)
      (recvmsg_intrans1 formula-decl nil sliding nil)
      (recvack_MessIntrans formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (mult_divides2 application-judgement "(divides(m))" divides nil)
      (mult_divides1 application-judgement "(divides(n))" divides nil)
      (even_times_int_is_even application-judgement "even_int" integers
       nil)
      (nnint_times_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (ma const-decl "nat" sliding nil)
      (recvack_intrans formula-decl nil sliding nil))
     4765 4220 t nil)
    (ma_step-1 nil 3390798300 3391510774
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (use "recvack_MessIntrans")
            (("1" (use "recvack_intrans")
              (("1" (assert)
                (("1" (expand "ma") (("1" (assert) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "ma")
            (("2" (use "recvmsg_intrans1")
              (("2" (use "recvmsg_intrans2")
                (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
              nil))
            nil)
           ("3" (use "loosemsg_intrans")
            (("3" (expand "ma")
              (("3" (assert)
                (("3" (expand "ackInTrans")
                  (("3" (expand "messInTrans")
                    (("3" (assert) (("3" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (use "looseack_intrans")
            (("4" (expand "ma")
              (("4" (expand "looseAck")
                (("4" (assert) (("4" (grind) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseack_intrans formula-decl nil sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (loosemsg_intrans formula-decl nil sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvmsg_intrans2 formula-decl nil sliding nil)
      (sumUpTo def-decl "nat" sliding nil)
      (lqall const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (messInTrans const-decl "nat" sliding nil)
      (message const-decl "Mess" sliding nil)
      (ackInTrans const-decl "nat" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_plus_int_is_int application-judgement "int" integers nil)
      (recvmsg_intrans1 formula-decl nil sliding nil)
      (recvack_MessIntrans formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (mult_divides2 application-judgement "(divides(m))" divides nil)
      (mult_divides1 application-judgement "(divides(n))" divides nil)
      (even_times_int_is_even application-judgement "even_int" integers
       nil)
      (nnint_times_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (ma const-decl "nat" sliding nil)
      (recvack_intrans formula-decl nil sliding nil))
     4801 4320 t shostak))
   (comp_acomps 0
    (comp_acomps-2 nil 3391514503 3391516233
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 :hide? t) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t) (("2" (assert) nil nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (skosimp)
              (("3" (split)
                (("1" (flatten)
                  (("1" (replace -2 :hide? t)
                    (("1" (assert)
                      (("1" (lift-if)
                        (("1" (prop)
                          (("1" (assert)
                            (("1" (expand "firstbottom?")
                              (("1" (assert) nil nil)) nil))
                            nil)
                           ("2" (assert) nil nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (flatten)
                  (("2" (split)
                    (("1" (assert) nil nil)
                     ("2" (prop) (("2" (assert) nil nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess") (("4" (assert) nil nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     530 460 t nil)
    (comp_acomps-1 nil 3390645773 3391510775
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 :hide? t) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t) (("2" (assert) nil nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (skosimp)
              (("3" (split)
                (("1" (flatten)
                  (("1" (replace -2 :hide? t)
                    (("1" (assert)
                      (("1" (lift-if)
                        (("1" (prop)
                          (("1" (assert)
                            (("1" (expand "firstbottom?")
                              (("1" (assert) nil nil)) nil))
                            nil)
                           ("2" (assert) nil nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (flatten)
                  (("2" (split)
                    (("1" (assert) nil nil)
                     ("2" (prop) (("2" (assert) nil nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess") (("4" (assert) nil nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     531 480 t shostak))
   (sendcnt_asends 0
    (sendcnt_asends-2 nil 3391514527 3391516234
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (prop)
            (("1" (assert)
              (("1" (expand "receiveAck")
                (("1" (skosimp)
                  (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                nil))
              nil)
             ("2" (expand "sendMessage") (("2" (grind) nil nil)) nil)
             ("3" (expand "recvMessage")
              (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
             ("4" (expand "looseMess") (("4" (propax) nil nil)) nil)
             ("5" (expand "looseAck") (("5" (propax) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     835 730 t nil)
    (sendcnt_asends-1 nil 3390541694 3391510776
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (prop)
            (("1" (assert)
              (("1" (expand "receiveAck")
                (("1" (skosimp)
                  (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                nil))
              nil)
             ("2" (expand "sendMessage") (("2" (grind) nil nil)) nil)
             ("3" (expand "recvMessage")
              (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
             ("4" (expand "looseMess") (("4" (propax) nil nil)) nil)
             ("5" (expand "looseAck") (("5" (propax) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     841 740 t shostak))
   (ackcnt_aacks 0
    (ackcnt_aacks-2 nil 3391514550 3391516236
     ("" (skosimp) (("" (grind) nil nil)) nil) proved
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     1678 1510 t nil)
    (ackcnt_aacks-1 nil 3390541884 3391510778
     ("" (skosimp) (("" (grind) nil nil)) nil) untried
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     2133 1590 t shostak))
   (rc_arcs 0
    (rc_arcs-2 nil 3391514579 3391516239
     ("" (skosimp) (("" (grind) nil nil)) nil) proved
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     2718 1530 t nil)
    (rc_arcs-1 nil 3390541903 3391510780
     ("" (skosimp) (("" (grind) nil nil)) nil) untried
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     1710 1560 t shostak))
   (ackrc_aackrcs 0
    (ackrc_aackrcs-2 nil 3391514599 3391516240
     ("" (skosimp) (("" (grind) nil nil)) nil) proved
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil))
     1251 1130 t nil)
    (ackrc_aackrcs-1 nil 3390541922 3391510781
     ("" (skosimp) (("" (grind) nil nil)) nil) untried
     ((real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil))
     1220 1120 t shostak))
   (rc_val 0
    (rc_val-2 nil 3391514623 3391516241
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (assert)
                (("1" (replace -2) (("1" (assert) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert)
              (("3" (skosimp)
                (("3" (lift-if)
                  (("3" (assert)
                    (("3" (split)
                      (("1" (flatten)
                        (("1" (prop)
                          (("1" (replace -2 * LR)
                            (("1" (assert)
                              (("1" (lift-if) (("1" (assert) nil nil))
                                nil))
                              nil))
                            nil)
                           ("2" (replace -1)
                            (("2" (assert)
                              (("2" (lift-if) (("2" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (flatten)
                        (("2" (prop)
                          (("1" (assert)
                            (("1" (replace -2 * LR)
                              (("1" (assert)
                                (("1"
                                  (lift-if)
                                  (("1" (assert) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil)
                           ("2" (replace -2 * LR)
                            (("2" (assert)
                              (("2" (lift-if) (("2" (assert) nil nil))
                                nil))
                              nil))
                            nil)
                           ("3" (replace -1 * LR)
                            (("3" (assert)
                              (("3" (lift-if) (("3" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 * LR) (("4" (assert) nil nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 * LR) (("5" (assert) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     1119 1020 t nil)
    (rc_val-1 nil 3390287845 3391510782
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (assert)
                (("1" (replace -2) (("1" (assert) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert)
              (("3" (skosimp)
                (("3" (lift-if)
                  (("3" (assert)
                    (("3" (split)
                      (("1" (flatten)
                        (("1" (prop)
                          (("1" (replace -2 * LR)
                            (("1" (assert)
                              (("1" (lift-if) (("1" (assert) nil nil))
                                nil))
                              nil))
                            nil)
                           ("2" (replace -1)
                            (("2" (assert)
                              (("2" (lift-if) (("2" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (flatten)
                        (("2" (prop)
                          (("1" (assert)
                            (("1" (replace -2 * LR)
                              (("1" (assert)
                                (("1"
                                  (lift-if)
                                  (("1" (assert) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil)
                           ("2" (replace -2 * LR)
                            (("2" (assert)
                              (("2" (lift-if) (("2" (assert) nil nil))
                                nil))
                              nil))
                            nil)
                           ("3" (replace -1 * LR)
                            (("3" (assert)
                              (("3" (lift-if) (("3" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 * LR) (("4" (assert) nil nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 * LR) (("5" (assert) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     1136 1030 t shostak))
   (ackrc_val 0
    (ackrc_val-2 nil 3391514643 3391516242
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (split)
            (("1" (assert) (("1" (grind) nil nil)) nil)
             ("2" (grind) nil nil) ("3" (grind) nil nil)
             ("4" (grind) nil nil)
             ("5" (expand "looseAck") (("5" (propax) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     1232 1100 t nil)
    (ackrc_val-1 nil 3390288093 3391510783
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (split)
            (("1" (assert) (("1" (grind) nil nil)) nil)
             ("2" (grind) nil nil) ("3" (grind) nil nil)
             ("4" (grind) nil nil)
             ("5" (expand "looseAck") (("5" (propax) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (>= const-decl "bool" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number nonempty-type-decl nil numbers nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (boolean nonempty-type-decl nil booleans nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     1219 1120 t shostak))
   (ackCnt_val 0
    (ackCnt_val-2 nil 3391514670 3391516244
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 * LR) (("4" (assert) nil nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 * LR) (("5" (assert) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     1625 1490 t nil)
    (ackCnt_val-1 nil 3390288166 3391510785
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 * LR) (("4" (assert) nil nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 * LR) (("5" (assert) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     1632 1490 t shostak))
   (sendCnt_val 0
    (sendCnt_val-2 nil 3391514702 3391516245
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR)
              (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     827 740 t nil)
    (sendCnt_val-1 nil 3390288255 3391510786
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR)
              (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil))
     813 740 t shostak))
   (rc_y 0
    (rc_y-2 nil 3391514722 3391516247
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (assert)
            (("1" (expand "receiveAck")
              (("1" (skosimp)
                (("1" (assert)
                  (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (assert) (("3" (grind) nil nil)) nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (receiveAck const-decl "bool" sliding nil))
     1864 1700 t nil)
    (rc_y-1 nil 3390288354 3391510788
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (assert)
            (("1" (expand "receiveAck")
              (("1" (skosimp)
                (("1" (assert)
                  (("1" (replace -2 * LR) (("1" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 * LR) (("2" (assert) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (assert) (("3" (grind) nil nil)) nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (receiveAck const-decl "bool" sliding nil))
     1938 1650 t shostak))
   (ackrc_y 0
    (ackrc_y-2 nil 3391514750 3391516248
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (assert)
                (("1" (replace -2 * LR)
                  (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (assert) (("2" (grind) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (assert) (("3" (grind) nil nil)) nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     1007 880 t nil)
    (ackrc_y-1 nil 3390288424 3391510789
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (assert)
                (("1" (replace -2 * LR)
                  (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (assert) (("2" (grind) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (assert) (("3" (grind) nil nil)) nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     untried
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     1024 910 t shostak))
   (ackCnt_y 0
    (ackCnt_y-1 nil 3390288513 3391516250
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (assert)
            (("1" (expand "receiveAck")
              (("1" (skosimp)
                (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (assert) (("2" (grind) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (assert) (("3" (grind) nil nil)) nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (receiveAck const-decl "bool" sliding nil))
     1996 1800 t shostak))
   (sendCnt_y 0
    (sendCnt_y-1 nil 3390288576 3391516251
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (assert)
            (("1" (expand "receiveAck")
              (("1" (skosimp) (("1" (grind) nil nil)) nil)) nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (assert) (("2" (grind) nil nil)) nil)) nil)
           ("3" (expand "recvMessage")
            (("3" (assert) (("3" (grind) nil nil)) nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (receiveAck const-decl "bool" sliding nil))
     956 840 t shostak))
   (lq0_list 0
    (lq0_list-1 nil 3389946714 3391516251
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (propax) nil nil) ("2" (propax) nil nil)
           ("3" (propax) nil nil)
           ("4" (expand "looseMess")
            (("4" (skosimp) (("4" (grind) nil nil)) nil)) nil)
           ("5" (expand "looseAck")
            (("5" (skosimp) (("5" (grind) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq0 const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil))
     765 690 t shostak))
   (lq0_recvAck 0
    (lq0_recvAck-1 nil 3389946747 3391516252
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (assert)
            (("" (replace -3 :hide? t)
              (("" (expand "lq0") (("" (propax) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq0 const-decl "bool" sliding nil))
     188 170 t shostak))
   (lq0_recvMess 0
    (lq0_recvMess-1 nil 3389946815 3391516253
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (prop)
            (("1" (replace -2)
              (("1" (expand "lq0")
                (("1" (skosimp)
                  (("1" (lift-if)
                    (("1" (case "i!1 = m!1`index")
                      (("1" (case " x!1`comp = m!1`index")
                        (("1" (assert)
                          (("1" (expand "lq1")
                            (("1" (inst? -7) (("1" (assert) nil nil))
                              nil))
                            nil))
                          nil)
                         ("2" (assert)
                          (("2" (expand "lq1")
                            (("2" (inst? -6) (("2" (assert) nil nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (assert)
                        (("2" (inst? -3)
                          (("2" (assert)
                            (("2" (prop)
                              (("2" (expand "lq3")
                                (("2"
                                  (inst -8 "i!1")
                                  (("2"
                                    (assert)
                                    (("2"
                                      (expand "lq1")
                                      (("2"
                                        (inst? -7)
                                        (("2"
                                          (assert)
                                          (("2"
                                            (expand "firstbottom?")
                                            (("2"
                                              (assert)
                                              (("2"
                                                (typepred
                                                 " min({k: nat | k >= 1 + x!1`c
 omp AND bottom?(x!1`b(k))})")
                                                (("1"
                                                  (assert)
                                                  (("1"
                                                    (inst -3 "i!1")
                                                    (("1"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (hide-all-but 1)
                                                  (("2"
                                                    (expand "nonempty?")
                                                    (("2"
                                                      (expand "empty?")
                                                      (("2"
                                                        (expand "member")
                                                        (("2"
                                                          (assert)
                                                          (("2"
                                                            (typepred
                                                             "x!1`b")
                                                            (("2"
                                                              (expand
                                                               "receiveBuffer?"
 )
                                                              (("2"
                                                                (inst
                                                                 -1
                                                                 " 1 + x!1`comp
 ")
                                                                (("2"
                                                                  (skosimp)
                                                                  (("2"
                                                                    (inst?
                                                                     -3)
                                                                    (("2"
                                                                      (assert)
                                                                      nil
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (assert)
              (("2" (replace -2 :hide? t)
                (("2" (expand "lq0") (("2" (propax) nil nil)) nil)) nil))
              nil)
             ("3" (replace -1 :hide? t)
              (("3" (expand "lq0") (("3" (propax) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (bottom? adt-recognizer-decl "[lift -> boolean]" lift_adt nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (min const-decl "{a | S(a) AND (FORALL x: S(x) IMPLIES a <= x)}"
           min_nat nil)
      (<= const-decl "bool" reals nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (AND const-decl "[bool, bool -> bool]" booleans nil)
      (nonempty? const-decl "bool" sets nil)
      (set type-eq-decl nil sets nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (member const-decl "bool" sets nil)
      (empty? const-decl "bool" sets nil)
      (state type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil)
      (lq1 const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (= const-decl "[T, T -> boolean]" equalities nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil))
     1330 1210 t shostak))
   (lq0_sendMess 0
    (lq0_sendMess-1 nil 3389947021 3391516253
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (replace -2 :hide? t)
          (("" (expand "lq0") (("" (propax) nil nil)) nil)) nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil))
     68 40 t shostak))
   (lq0_kept_valid 0
    (lq0_kept_valid-2 nil 3391514882 3391516253
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 :hide? t)
                (("1" (expand "lq0") (("1" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t)
              (("2" (expand "lq0") (("2" (propax) nil nil)) nil)) nil))
            nil)
           ("3" (use "lq0_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (expand "lq0") (("4" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 :hide? t)
                (("5" (expand "lq0") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq0_recvMess formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil))
     227 200 t nil)
    (lq0_kept_valid-1 nil 3390025511 3391514848
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 :hide? t)
                (("1" (expand "lq0") (("1" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t)
              (("2" (expand "lq0") (("2" (propax) nil nil)) nil)) nil))
            nil)
           ("3" (use "lq0_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (expand "lq0") (("4" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 :hide? t)
                (("5" (expand "lq0") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq0_recvMess formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (posnat nonempty-type-eq-decl nil integers nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (lq0 const-decl "bool" sliding nil))
     22216 230 t shostak))
   (lq1_list 0
    (lq1_list-1 nil 3389947302 3391516254
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (propax) nil nil) ("2" (propax) nil nil)
           ("3" (propax) nil nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (assert)
                  (("4" (expand "lq1")
                    (("4" (skosimp) (("4" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2)
                (("5" (expand "lq1") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     809 730 t shostak))
   (lq1_recvAck 0
    (lq1_recvAck-1 nil 3389947327 3391516254
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (replace -3 :hide? t)
            (("" (expand "lq1") (("" (propax) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil))
     72 50 t shostak))
   (lq1_recvMess 0
    (lq1_recvMess-1 nil 3389947370 3391516255
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (split)
            (("1" (skosimp)
              (("1" (replace -2 :hide? t)
                (("1" (expand "lq1")
                  (("1" (skosimp)
                    (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil)
             ("2" (skosimp)
              (("2" (split)
                (("1" (skosimp)
                  (("1" (replace -2 :hide? t)
                    (("1" (expand "lq1")
                      (("1" (skosimp)
                        (("1" (assert) (("1" (grind) nil nil)) nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (skosimp)
                  (("2" (replace -1 :hide? t)
                    (("2" (expand "lq1")
                      (("2" (hide 1 2)
                        (("2" (skosimp)
                          (("2" (assert) (("2" (grind) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq1 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     420 360 t shostak))
   (lq1_sendMess 0
    (lq1_sendMess-1 nil 3389947557 3391516255
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (replace -2 :hide? t)
          (("" (expand "lq1")
            (("" (skosimp) (("" (assert) (("" (grind) nil nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil))
     196 170 t shostak))
   (lq1_kept_valid 0
    (lq1_kept_valid-1 nil 3389947597 3391516255
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (use "lq1_recvAck") (("1" (assert) nil nil)) nil)
           ("2" (use "lq1_sendMess") (("2" (assert) nil nil)) nil)
           ("3" (use "lq1_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (expand "lq1")
              (("4" (skosimp*)
                (("4" (assert) (("4" (grind) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp*)
              (("5" (expand "lq1")
                (("5" (skosimp)
                  (("5" (assert) (("5" (grind) nil nil)) nil)) nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq1 const-decl "bool" sliding nil)
      (lq1_recvMess formula-decl nil sliding nil)
      (lq1_sendMess formula-decl nil sliding nil)
      (lq1_recvAck formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil))
     310 260 t shostak))
   (lq2_list 0
    (lq2_list-1 nil 3389948403 3391516256
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (propax) nil nil) ("2" (propax) nil nil)
           ("3" (propax) nil nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (expand "lq1")
                (("4" (skosimp)
                  (("4" (replace -2)
                    (("4" (assert) (("4" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2)
                (("5" (expand "lq1") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil))
     842 750 t shostak))
   (lq2_recvAck 0
    (lq2_recvAck-1 nil 3389948437 3391516256
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (replace -3 :hide? t)
            (("" (expand "lq2")
              (("" (skosimp) (("" (assert) (("" (grind) nil nil)) nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq2 const-decl "bool" sliding nil))
     217 190 t shostak))
   (lq2_recvMess 0
    (lq2_recvMess-1 nil 3389948611 3391516257
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (lift-if)
            (("" (split)
              (("1" (assert)
                (("1" (skosimp)
                  (("1" (assert)
                    (("1" (split -2)
                      (("1" (prop)
                        (("1" (replace -2 :hide? t)
                          (("1" (expand "lq2")
                            (("1" (skosimp)
                              (("1" (assert)
                                (("1"
                                  (inst -3 "i!1")
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "firstbottom?")
                                      (("1"
                                        (typepred
                                         " min({k: nat | k >= 1 + x!1`comp AND 
 bottom?(x!1`b(k))}) ")
                                        (("1" (assert) nil nil)
                                         ("2"
                                          (hide-all-but 1)
                                          (("2"
                                            (expand "nonempty?")
                                            (("2"
                                              (typepred "x!1`b")
                                              (("2"
                                                (expand "receiveBuffer?")
                                                (("2"
                                                  (inst -1 "x!1`comp")
                                                  (("2"
                                                    (skosimp)
                                                    (("2"
                                                      (assert)
                                                      (("2"
                                                        (expand "empty?")
                                                        (("2"
                                                          (expand
                                                           "member")
                                                          (("2"
                                                            (inst
                                                             -3
                                                             "j!1")
                                                            (("2"
                                                              (assert)
                                                              nil
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (prop)
                        (("2" (replace -1 :hide? t)
                          (("2" (expand "lq2") (("2" (propax) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (assert)
                (("2" (skosimp)
                  (("2" (split)
                    (("1" (prop)
                      (("1" (replace -2 :hide? t)
                        (("1" (expand "lq2")
                          (("1" (skosimp)
                            (("1" (assert)
                              (("1" (inst? -2)
                                (("1"
                                  (assert)
                                  (("1" (grind) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (prop)
                      (("1" (replace -2 :hide? t)
                        (("1" (expand "lq2")
                          (("1" (skosimp)
                            (("1" (assert) (("1" (grind) nil nil)) nil))
                            nil))
                          nil))
                        nil)
                       ("2" (replace -1 :hide? t)
                        (("2" (expand "lq2") (("2" (propax) nil nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq2 const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (bottom? adt-recognizer-decl "[lift -> boolean]" lift_adt nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (min const-decl "{a | S(a) AND (FORALL x: S(x) IMPLIES a <= x)}"
           min_nat nil)
      (<= const-decl "bool" reals nil)
      (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
      (AND const-decl "[bool, bool -> bool]" booleans nil)
      (nonempty? const-decl "bool" sets nil)
      (set type-eq-decl nil sets nil)
      (NOT const-decl "[bool -> bool]" booleans nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (empty? const-decl "bool" sets nil)
      (member const-decl "bool" sets nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (firstbottom? const-decl "nat" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil))
     968 840 t shostak))
   (lq2_sendMess 0
    (lq2_sendMess-1 nil 3389948861 3391516258
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (assert)
          (("" (replace -2 :hide? t)
            (("" (expand "lq2") (("" (propax) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil))
     237 220 t shostak))
   (lq2_kept_valid 0
    (lq2_kept_valid-1 nil 3389948908 3391516260
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (assert)
              (("1" (skosimp)
                (("1" (replace -2 :hide? t)
                  (("1" (expand "lq2")
                    (("1" (skosimp)
                      (("1" (assert) (("1" (grind) nil nil)) nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t)
              (("2" (expand "lq2") (("2" (propax) nil nil)) nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (skosimp)
              (("3" (use "lq2_recvMess")
                (("3" (assert)
                  (("3" (expand "lq2")
                    (("3" (skosimp)
                      (("3" (inst -4 "i!1")
                        (("3" (assert) (("3" (grind) nil nil)) nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2)
                (("4" (expand "lq2") (("4" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (expand "lq2")
              (("5" (skosimp)
                (("5" (skosimp) (("5" (grind) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (lq2_recvMess formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (firstbottom? const-decl "nat" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil))
     2613 2300 t shostak))
   (lq3_list 0
    (lq3_list-1 nil 3389949134 3391516261
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (propax) nil nil) ("2" (propax) nil nil)
           ("3" (propax) nil nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (expand "lq3") (("4" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (expand "lq3")
              (("5" (skosimp*)
                (("5" (assert) (("5" (grind) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (receiveAck const-decl "bool" sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (looseMess const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil))
     702 630 t shostak))
   (lq3_recvAck 0
    (lq3_recvAck-1 nil 3389949151 3391516261
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (replace -3 :hide? t)
            (("" (expand "lq3") (("" (propax) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil))
     91 80 t shostak))
   (lq3_recvMess 0
    (lq3_recvMess-1 nil 3389949186 3391516262
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (assert)
            (("" (split -3)
              (("1" (flatten)
                (("1" (replace -2 :hide? t)
                  (("1" (expand "lq3")
                    (("1" (skosimp)
                      (("1" (assert)
                        (("1" (lift-if)
                          (("1" (assert)
                            (("1" (split)
                              (("1" (split)
                                (("1"
                                  (expand "lq1")
                                  (("1"
                                    (assert)
                                    (("1" (grind) nil nil))
                                    nil))
                                  nil)
                                 ("2" (prop) nil nil))
                                nil)
                               ("2" (prop)
                                (("2"
                                  (assert)
                                  (("2" (grind) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (prop)
                (("1" (replace -2 :hide? t)
                  (("1" (expand "lq3") (("1" (propax) nil nil)) nil))
                  nil)
                 ("2" (replace -1 :hide? t)
                  (("2" (expand "lq3") (("2" (propax) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq3 const-decl "bool" sliding nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (lq1 const-decl "bool" sliding nil))
     474 420 t shostak))
   (lq3_sendMess 0
    (lq3_sendMess-1 nil 3389949601 3391516262
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (replace -2 :hide? t)
          (("" (expand "lq3") (("" (propax) nil nil)) nil)) nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil))
     50 50 t shostak))
   (lq3_kept_valid 0
    (lq3_kept_valid-1 nil 3390023758 3391516263
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (expand "receiveAck")
            (("1" (skosimp)
              (("1" (replace -2 :hide? t)
                (("1" (expand "lq3") (("1" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "sendMessage")
            (("2" (replace -1 :hide? t)
              (("2" (expand "lq3") (("2" (propax) nil nil)) nil)) nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (skosimp)
              (("3" (lift-if)
                (("3" (split)
                  (("1" (assert)
                    (("1" (lift-if)
                      (("1" (split)
                        (("1" (assert)
                          (("1" (flatten)
                            (("1" (replace -3 :hide? t)
                              (("1" (expand "lq3")
                                (("1"
                                  (expand "lq1")
                                  (("1"
                                    (skosimp)
                                    (("1"
                                      (assert)
                                      (("1"
                                        (inst -4 "i!1")
                                        (("1"
                                          (prop)
                                          (("1"
                                            (assert)
                                            (("1" (grind) nil nil))
                                            nil)
                                           ("2"
                                            (ground)
                                            (("2" (grind) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (assert)
                          (("2" (flatten)
                            (("2" (prop)
                              (("2" (replace -2 :hide? t)
                                (("2"
                                  (assert)
                                  (("2"
                                    (expand "lq3")
                                    (("2" (propax) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil)
                   ("2" (expand "lq3")
                    (("2" (flatten)
                      (("2" (split)
                        (("1" (prop)
                          (("1" (skosimp)
                            (("1" (expand "lq1")
                              (("1" (assert)
                                (("1"
                                  (replace -2 :hide? t)
                                  (("1"
                                    (assert)
                                    (("1"
                                      (inst -3 "i!1")
                                      (("1"
                                        (prop)
                                        (("1" (grind) nil nil)
                                         ("2"
                                          (ground)
                                          (("2" (grind) nil nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (prop)
                          (("1" (skosimp)
                            (("1" (replace -2 :hide? t)
                              (("1" (assert)
                                (("1"
                                  (expand "lq1")
                                  (("1"
                                    (inst -3 "i!1")
                                    (("1" (assert) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil)
                           ("2" (skosimp)
                            (("2" (replace -1 :hide? t)
                              (("2" (assert)
                                (("2"
                                  (expand "lq1")
                                  (("2"
                                    (inst -2 "i!1")
                                    (("2" (assert) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (expand "lq3") (("4" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2 :hide? t)
                (("5" (expand "lq3") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Mess type-eq-decl nil sliding nil)
      (Item type-decl nil sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (sendMessage const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil)
      (lq3 const-decl "bool" sliding nil))
     1436 1290 t shostak))
   (lq4_list 0
    (lq4_list-1 nil 3389945537 3391516263
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (propax) nil nil) ("2" (propax) nil nil)
           ("3" (propax) nil nil)
           ("4" (expand "looseMess")
            (("4" (expand "lq4")
              (("4" (skosimp) (("4" (assert) nil nil)) nil)) nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (expand "lq4")
              (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq4 const-decl "bool" sliding nil))
     89 70 t shostak))
   (lq4_recvAck 0
    (lq4_recvAck-1 nil 3389945562 3391516263
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (assert)
          (("" (skosimp)
            (("" (replace -3 :hide? t)
              (("" (expand "lq4")
                (("" (assert)
                  (("" (expand "lq2")
                    (("" (assert)
                      (("" (lift-if)
                        (("" (split +)
                          (("1" (flatten)
                            (("1" (assert)
                              (("1" (inst -4 "ack!1")
                                (("1" (assert) nil nil)) nil))
                              nil))
                            nil)
                           ("2" (assert) nil nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     156 140 t shostak))
   (lq4_recvMess 0
    (lq4_recvMess-1 nil 3389945833 3391516264
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (assert)
          (("" (skosimp)
            (("" (assert)
              (("" (lift-if)
                (("" (expand "lq2")
                  (("" (expand "lq4")
                    (("" (split)
                      (("1" (skosimp)
                        (("1" (prop)
                          (("1" (replace -2 :hide? t)
                            (("1" (assert)
                              (("1" (expand "firstbottom?")
                                (("1" (assert) nil nil)) nil))
                              nil))
                            nil)
                           ("2" (replace -2 :hide? t)
                            (("2" (assert) nil nil)) nil)
                           ("3" (replace -1 :hide? t)
                            (("3" (assert) nil nil)) nil))
                          nil))
                        nil)
                       ("2" (assert) nil nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (firstbottom? const-decl "nat" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq2 const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     527 480 t shostak))
   (lq4_sendMess 0
    (lq4_sendMess-1 nil 3389946018 3391516264
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (assert)
          (("" (replace -2 :hide? t)
            (("" (expand "lq4") (("" (propax) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil))
     224 200 t shostak))
   (lq4_kept_valid 0
    (lq4_kept_valid-1 nil 3390023068 3391516265
     ("" (skosimp)
      (("" (expand "step")
        (("" (split)
          (("1" (assert)
            (("1" (expand "receiveAck")
              (("1" (skosimp)
                (("1" (replace -2 :hide? t)
                  (("1" (expand "lq4")
                    (("1" (expand "lq2")
                      (("1" (inst -3 "ack!1")
                        (("1" (assert)
                          (("1" (lift-if) (("1" (assert) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert)
            (("2" (expand "sendMessage")
              (("2" (replace -1 :hide? t)
                (("2" (expand "lq4") (("2" (propax) nil nil)) nil)) nil))
              nil))
            nil)
           ("3" (expand "recvMessage")
            (("3" (expand "lq4")
              (("3" (assert)
                (("3" (skosimp)
                  (("3" (lift-if)
                    (("3" (expand "lq2")
                      (("3" (prop)
                        (("1" (assert)
                          (("1" (replace -2 :hide? t)
                            (("1" (assert)
                              (("1" (expand "firstbottom?")
                                (("1" (assert) nil nil)) nil))
                              nil))
                            nil))
                          nil)
                         ("2" (replace -2 :hide? t)
                          (("2" (assert) nil nil)) nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (expand "lq4") (("4" (assert) nil nil)) nil)) nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (expand "lq4")
              (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (recvMessage const-decl "bool" sliding nil)
      (firstbottom? const-decl "nat" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil)
      (sendMessage const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq2 const-decl "bool" sliding nil)
      (receiveAck const-decl "bool" sliding nil))
     783 650 t shostak))
   (lq5_list 0
    (lq5_list-1 nil 3391409144 3391516265
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (prop)
            (("1" (expand "looseMess")
              (("1" (skosimp)
                (("1" (assert)
                  (("1" (hide 2 3 4)
                    (("1" (replace -2)
                      (("1" (expand "lq5")
                        (("1" (skosimp)
                          (("1" (inst? -3)
                            (("1" (assert) (("1" (grind) nil nil)) nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (expand "looseAck")
              (("2" (skosimp)
                (("2" (hide 2 3 4)
                  (("2" (replace -2)
                    (("2" (expand "lq5") (("2" (propax) nil nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil))
     203 190 t shostak))
   (lq5_recvAck 0
    (lq5_recvAck-1 nil 3391160438 3391516265
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (replace -3 :hide? t)
            (("" (expand "lq5")
              (("" (skosimp)
                (("" (lift-if)
                  (("" (prop)
                    (("1" (inst?) (("1" (assert) nil nil)) nil)
                     ("2" (inst?) (("2" (assert) nil nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (Mess type-eq-decl nil sliding nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (lq5 const-decl "bool" sliding nil))
     265 220 t shostak))
   (lq5_recvMess 0
    (lq5_recvMess-1 nil 3391160534 3391516266
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (prop)
            (("1" (lift-if)
              (("1" (prop)
                (("1" (assert)
                  (("1" (replace -2 :hide? t)
                    (("1" (expand "lq5")
                      (("1" (assert)
                        (("1" (skosimp)
                          (("1" (inst? -3)
                            (("1" (assert) (("1" (grind) nil nil)) nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil)
                 ("2" (replace -1 :hide? t)
                  (("2" (expand "lq5")
                    (("2" (skosimp)
                      (("2" (inst? -2)
                        (("2" (assert) (("2" (grind) nil nil)) nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (replace -2 :hide? t)
              (("2" (expand "lq5")
                (("2" (skosimp)
                  (("2" (inst? -2)
                    (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil)
             ("3" (replace -1 :hide? t)
              (("3" (expand "lq5")
                (("3" (skosimp)
                  (("3" (inst? -1)
                    (("3" (assert) (("3" (grind) nil nil)) nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq5 const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     665 580 t shostak))
   (lq5_sendMess 0
    (lq5_sendMess-1 nil 3391160908 3391516267
     ("" (skosimp)
      (("" (expand "lq5")
        (("" (skosimp)
          (("" (inst? -1)
            (("" (assert)
              (("" (expand "sendMessage")
                (("" (prop)
                  (("1" (assert)
                    (("1" (replace -2 :hide? t) (("1" (assert) nil nil))
                      nil))
                    nil)
                   ("2" (replace -1 :hide? t)
                    (("2" (assert)
                      (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((lq5 const-decl "bool" sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (Item type-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (sendMessage const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil))
     775 700 t shostak))
   (lq5_kept_valid 0
    (lq5_kept_valid-1 nil 3391408866 3391516267
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (assert)
            (("1" (use "lq5_recvAck") (("1" (assert) nil nil)) nil)) nil)
           ("2" (use "lq5_sendMess") (("2" (assert) nil nil)) nil)
           ("3" (use "lq5_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (replace -2 :hide? t)
                (("4" (assert)
                  (("4" (expand "lq5")
                    (("4" (skosimp)
                      (("4" (inst? -2)
                        (("4" (assert)
                          (("4" (expand "lq6") (("4" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (replace -2)
                (("5" (expand "lq5") (("5" (propax) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq5 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq5_recvMess formula-decl nil sliding nil)
      (lq5_sendMess formula-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil) (Item type-decl nil sliding nil)
      (lift type-decl nil lift_adt nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (lq5_recvAck formula-decl nil sliding nil))
     244 210 t shostak))
   (lq6_list 0
    (lq6_list-1 nil 3391491473 3391516267
     ("" (skosimp)
      (("" (expand "step")
        (("" (assert)
          (("" (prop)
            (("1" (expand "looseMess")
              (("1" (skosimp)
                (("1" (assert)
                  (("1" (expand "lq6") (("1" (assert) nil nil)) nil))
                  nil))
                nil))
              nil)
             ("2" (expand "looseAck")
              (("2" (skosimp)
                (("2" (expand "lq6") (("2" (assert) nil nil)) nil)) nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (looseMess const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil))
     226 190 t shostak))
   (lq6_recvAck 0
    (lq6_recvAck-1 nil 3391336239 3391516268
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (replace -3 :hide? t)
            (("" (expand "lq6")
              (("" (assert)
                (("" (lift-if)
                  (("" (prop)
                    (("1" (assert) nil nil) ("2" (assert) nil nil)
                     ("3" (assert)
                      (("3" (lift-if) (("3" (assert) nil nil)) nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq6 const-decl "bool" sliding nil))
     250 220 t shostak))
   (lq6_recvMess 0
    (lq6_recvMess-1 nil 3391336434 3391516268
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (skosimp)
          (("" (assert)
            (("" (lift-if)
              (("" (split)
                (("1" (prop)
                  (("1" (replace -2)
                    (("1" (expand "lq6") (("1" (propax) nil nil)) nil))
                    nil)
                   ("2" (expand "lq6") (("2" (assert) nil nil)) nil)
                   ("3" (expand "lq6") (("3" (assert) nil nil)) nil))
                  nil)
                 ("2" (prop)
                  (("1" (expand "lq6") (("1" (assert) nil nil)) nil)
                   ("2" (expand "lq6") (("2" (assert) nil nil)) nil)
                   ("3" (expand "lq6") (("3" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (lq6 const-decl "bool" sliding nil)
      (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
       integers nil))
     553 490 t shostak))
   (lq6_sendMess 0
    (lq6_sendMess-1 nil 3391336519 3391516269
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (expand "lq6") (("" (assert) (("" (grind) nil nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq6 const-decl "bool" sliding nil))
     593 530 t shostak))
   (lq6_kept_valid 0
    (lq6_kept_valid-1 nil 3391494256 3391516269
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (use "lq6_recvAck") (("1" (assert) nil nil)) nil)
           ("2" (use "lq6_sendMess") (("2" (assert) nil nil)) nil)
           ("3" (use "lq6_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (expand "lq6") (("4" (assert) nil nil)) nil)) nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (expand "lq6")
              (("5" (skosimp) (("5" (assert) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (lq6_recvMess formula-decl nil sliding nil)
      (lq6_sendMess formula-decl nil sliding nil)
      (lq6_recvAck formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil))
     252 210 t shostak))
   (lq7_list 0
    (lq7_list-1 nil 3391515842 3391515871
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (expand "looseMess")
            (("1" (skosimp)
              (("1" (assert)
                (("1" (expand "lq7") (("1" (assert) nil nil)) nil)) nil))
              nil))
            nil)
           ("2" (expand "looseAck")
            (("2" (expand "lq7")
              (("2" (skosimp) (("2" (assert) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq7 const-decl "bool" sliding nil))
     29821 140 t shostak))
   (lq7_recvAck 0
    (lq7_recvAck-1 nil 3391515881 3391515920
     ("" (skosimp)
      (("" (expand "receiveAck")
        (("" (skosimp)
          (("" (expand "lq7")
            (("" (assert)
              (("" (replace -3)
                (("" (assert)
                  (("" (lift-if)
                    (("" (assert)
                      (("" (split +)
                        (("1" (prop)
                          (("1" (lift-if)
                            (("1" (prop)
                              (("1" (assert) nil nil)
                               ("2" (assert) nil nil))
                              nil))
                            nil))
                          nil)
                         ("2" (propax) nil nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((receiveAck const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil))
     39729 420 t shostak))
   (lq7_recvMess 0
    (lq7_recvMess-1 nil 3391515929 3391515942
     ("" (skosimp)
      (("" (expand "recvMessage")
        (("" (expand "lq7") (("" (assert) (("" (grind) nil nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((recvMessage const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (firstbottom? const-decl "nat" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq7 const-decl "bool" sliding nil))
     13026 460 t shostak))
   (lq7_sendMess 0
    (lq7_sendMess-1 nil 3391515948 3391515961
     ("" (skosimp)
      (("" (expand "sendMessage")
        (("" (expand "lq7") (("" (assert) (("" (grind) nil nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((sendMessage const-decl "bool" sliding nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_ge_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq7 const-decl "bool" sliding nil))
     12903 370 t shostak))
   (lq7_kept_valid 0
    (lq7_kept_valid-1 nil 3391515968 3391516127
     ("" (skosimp)
      (("" (expand "step")
        (("" (prop)
          (("1" (use "lq7_recvAck") (("1" (assert) nil nil)) nil)
           ("2" (use "lq7_sendMess") (("2" (assert) nil nil)) nil)
           ("3" (use "lq7_recvMess") (("3" (assert) nil nil)) nil)
           ("4" (expand "looseMess")
            (("4" (skosimp)
              (("4" (expand "lq7") (("4" (assert) nil nil)) nil)) nil))
            nil)
           ("5" (expand "looseAck")
            (("5" (skosimp)
              (("5" (expand "lq7") (("5" (assert) nil nil)) nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((step const-decl "bool" sliding nil)
      (looseAck const-decl "bool" sliding nil)
      (looseMess const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (int_minus_int_is_int application-judgement "int" integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq7_recvMess formula-decl nil sliding nil)
      (lq7_sendMess formula-decl nil sliding nil)
      (lq7_recvAck formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil))
     159022 630 t shostak))
   (lqall_is_invariant 0
    (lqall_is_invariant-2 nil 3390036925 3391516162
     ("" (skosimp)
      (("" (expand "lqall")
        (("" (flatten)
          (("" (split)
            (("1" (use lq0_kept_valid) (("1" (assert) nil nil)) nil)
             ("2" (use lq1_kept_valid) (("2" (assert) nil nil)) nil)
             ("3" (use lq2_kept_valid) (("3" (assert) nil nil)) nil)
             ("4" (use lq3_kept_valid) (("4" (assert) nil nil)) nil)
             ("5" (use lq4_kept_valid) (("5" (assert) nil nil)) nil)
             ("6" (use "lq5_kept_valid") (("6" (assert) nil nil)) nil)
             ("7" (use "lq6_kept_valid") (("7" (assert) nil nil)) nil)
             ("8" (use "lq7_kept_valid") (("8" (assert) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((lq7_kept_valid formula-decl nil sliding nil)
      (lq6_kept_valid formula-decl nil sliding nil)
      (lq5_kept_valid formula-decl nil sliding nil)
      (lq4_kept_valid formula-decl nil sliding nil)
      (lq3_kept_valid formula-decl nil sliding nil)
      (lq2_kept_valid formula-decl nil sliding nil)
      (lq1_kept_valid formula-decl nil sliding nil)
      (lq0_kept_valid formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (lqall const-decl "bool" sliding nil))
     24968 270 t nil)
    (lqall_is_invariant-1 nil 3390026979 3390036816
     ("" (skosimp)
      (("" (expand "lqall")
        (("" (flatten)
          (("" (split)
            (("1" (use lq0_kept_valid) (("1" (grind) nil nil)) nil)
             ("2" (use lq1_kept_valid) (("2" (grind) nil nil)) nil)
             ("3" (use lq2_kept_valid) (("3" (grind) nil nil)) nil)
             ("4" (use lq3_kept_valid) (("4" (grind) nil nil)) nil)
             ("5" (use lq4_kept_valid) (("5" (grind) nil nil)) nil))
            nil))
          nil))
        nil))
      nil)
     proved
     ((lq4_kept_valid formula-decl nil sliding nil)
      (lq3_kept_valid formula-decl nil sliding nil)
      (lq2_kept_valid formula-decl nil sliding nil)
      (lq1_kept_valid formula-decl nil sliding nil)
      (lq0_kept_valid formula-decl nil sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil)
      (pred type-eq-decl nil defined_types nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (lqall const-decl "bool" sliding nil))
     607 310 t shostak))
   (lqall_holds_initially 0
    (lqall_holds_initially-1 nil 3390035490 3391516187
     ("" (expand "lqall")
      (("" (split)
        (("1" (expand "lq0")
          (("1" (expand "init") (("1" (propax) nil nil)) nil)) nil)
         ("2" (expand "lq1")
          (("2" (skosimp)
            (("2" (expand "init") (("2" (assert) nil nil)) nil)) nil))
          nil)
         ("3" (expand "lq2")
          (("3" (skosimp)
            (("3" (expand "init") (("3" (assert) nil nil)) nil)) nil))
          nil)
         ("4" (expand "lq3")
          (("4" (skosimp)
            (("4" (expand "init") (("4" (propax) nil nil)) nil)) nil))
          nil)
         ("5" (expand "lq4")
          (("5" (expand "init") (("5" (assert) nil nil)) nil)) nil)
         ("6" (expand "lq5")
          (("6" (skosimp)
            (("6" (expand "init") (("6" (assert) nil nil)) nil)) nil))
          nil)
         ("7" (expand "lq6")
          (("7" (expand "init") (("7" (assert) nil nil)) nil)) nil)
         ("8" (expand "lq7")
          (("8" (assert)
            (("8" (expand "init") (("8" (assert) nil nil)) nil)) nil))
          nil))
        nil))
      nil)
     proved
     ((lqall const-decl "bool" sliding nil)
      (lq7 const-decl "bool" sliding nil)
      (lq6 const-decl "bool" sliding nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq5 const-decl "bool" sliding nil)
      (lq4 const-decl "bool" sliding nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (lq3 const-decl "bool" sliding nil)
      (lq2 const-decl "bool" sliding nil)
      (lq1 const-decl "bool" sliding nil)
      (real_gt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (lq0 const-decl "bool" sliding nil)
      (init const-decl "state" sliding nil))
     17074 260 t shostak)))
  
  
  $$$exec.pvs
  
  %% PVS Version 4.0 - Allegro CL Enterprise Edition 8.0 [Linux (x86)] (Nov 28,
  2006 16:50)
  %% 8.0 [Linux (x86)] (Nov 28, 2006 16:50)
  %%$$$PVSHOME/.pvs.lisp
  
  %%$$$exec.pvs
  
  	exec: THEORY
  	BEGIN
  
  	importing sliding 
  
  	xs :VAR [nat->state]
  	aa: VAR [nat-> Item] 
  	
  	execution?(xs,aa):bool=
  		 xs(0) = init  AND (FORALL (n:nat):step(xs(n),xs(n+1)))
  	
  	grows_To_Infinity?(f:[nat->nat]):bool = 
  		(FORALL (n:nat): (EXISTS (j:nat): (FORALL (k:nat): j < k IMPLIE
 S n <= f(k))))
  
  	monotonic?(f:[nat->nat]):bool=
  		(FORALL (j,k:nat): j<=k IMPLIES f(j)<=f(k))
  
  	isLimit(n:nat, f:[nat->nat]):bool=
  		(EXISTS (i:nat): FORALL (j:nat):i<j IMPLIES f(j)=n)
  
          isConstant(n: nat, f: [nat -> nat]): bool =
                  (FORALL (j:nat): f(j)=n)
  
  	bounded?(f:[nat->nat]):bool=
  		(EXISTS (m:nat) :FORALL(j:nat):  f(j) < m)
  
  	comp(xs):[nat->nat]=
  		(LAMBDA (n:nat): xs(n)`comp)
  
  	down(xs):[nat->nat]=
  		(LAMBDA (n:nat): xs(n)`down)
  
  	sendCnt(xs, (i:nat)): [nat->nat]=
  		(LAMBDA (n:nat):xs(n)`sendCnt(i))
  
  	ackCnt(xs, (i:nat)): [nat->nat]=
  		LAMBDA (n:nat):xs(n)`ackCnt(i)
  
  	rc(xs, (i:nat)): [nat->nat]=
  		(LAMBDA (n:nat):xs(n)`rc(i))
  
  	ackrc(xs, (i:nat)): [nat->nat]=
  		(LAMBDA (n:nat):xs(n)`ackrc(i))
  
  	% proof LEMMA
  
  	f :VAR [nat->nat]
  
  	mono_implied:LEMMA
  		((FORALL (i:nat):f(i) <= f(i+1)) IMPLIES monotonic?(f))
  
  	bounded_ok:LEMMA
  		((bounded?(f) AND monotonic?(f)) IMPLIES (Exists (x:nat):isLimi
 t(x,f)))
  
  	not_Bounded:LEMMA
  		(((Not(bounded?(f)) AND monotonic?(f)) IMPLIES grows_To_Infinit
 y?(f)))
  
  	exec_monoc:LEMMA
  		execution?(xs,aa) IMPLIES monotonic?(comp(xs))
  
  	exe:LEMMA
  		execution?(xs,aa) IMPLIES (FORALL (n:nat): lqall(xs(n)))
  
  	exec_bound:LEMMA
  		bounded?(comp(xs)) AND execution?(xs,aa) IMPLIES 
  			(EXISTS (j:nat): NOT(bounded?(sendCnt(xs,j))) AND bound
 ed?(rc(xs,j))) OR
     			(EXISTS (j:nat): NOT(bounded?(ackCnt(xs,j))) AND isCons
 tant(0,ackrc(xs,j)))
  	
  	End exec
  	
  
  $$$exec.prf
  (exec
   (mono_implied 0
    (mono_implied-1 nil 3390541130 3390552716
     ("" (skosimp)
      (("" (expand "monotonic?")
        (("" (induct "k")
          (("1" (skosimp) (("1" (assert) nil nil)) nil)
           ("2" (skosimp)
            (("2" (skosimp)
              (("2" (inst -3 "j!1")
                (("2" (inst -1 "j!2") (("2" (assert) nil nil)) nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((number nonempty-type-decl nil numbers nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (real nonempty-type-from-decl nil reals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (int nonempty-type-eq-decl nil integers nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (>= const-decl "bool" reals nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (pred type-eq-decl nil defined_types nil)
      (<= const-decl "bool" reals nil)
      (nat_induction formula-decl nil naturalnumbers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (monotonic? const-decl "bool" exec nil))
     84895 730 t shostak))
   (bounded_ok 0
    (bounded_ok-1 nil 3390542889 3391589350
     ("" (skosimp)
      (("" (expand "bounded?")
        (("" (case "FORALL (m: nat): EXISTS (j:nat): m <= f!1(j)")
          (("1" (skosimp)
            (("1" (inst -1 "m!1")
              (("1" (skosimp)
                (("1" (expand "isLimit")
                  (("1" (expand "monotonic?")
                    (("1" (inst 1 "m!1")
                      (("1" (inst? +)
                        (("1" (skosimp)
                          (("1" (inst?)
                            (("1" (inst -3 "j!1" "j!2")
                              (("1" (assert) nil nil)) nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (expand "monotonic?")
            (("2" (induct "m")
              (("1" (assert)
                (("1" (skosimp)
                  (("1" (inst?)
                    (("1" (inst?)
                      (("1" (inst?)
                        (("1" (inst?)
                          (("1" (expand "isLimit")
                            (("1" (inst?)
                              (("1" (skosimp) (("1" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (skosimp*)
                (("2" (expand "isLimit")
                  (("2" (inst? 1)
                    (("2" (inst? 2)
                      (("2" (inst? 2)
                        (("2" (skosimp)
                          (("2" (inst? -2)
                            (("2" (inst -3 "j!1" "j!3")
                              (("2" (assert)
                                (("2"
                                  (assert)
                                  (("2"
                                    (grind)
                                    (("2" (postpone) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried nil 220982 1230 t shostak))
   (not_Bounded 0
    (not_Bounded-1 nil 3390542328 3391517315
     ("" (skosimp)
      (("" (expand "monotonic?")
        (("" (expand "bounded?")
          (("" (expand "grows_To_Infinity?")
            (("" (skosimp)
              (("" (inst 1 "n!1")
                (("" (skosimp)
                  (("" (inst 2 "j!1")
                    (("" (skosimp)
                      (("" (inst -1 "j!1" "k!1")
                        (("" (prop)
                          (("1" (assert) nil nil) ("2" (assert) nil nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((bounded? const-decl "bool" exec nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (real_lt_is_strict_total_order name-judgement
       "(strict_total_order?[real])" real_props nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (grows_To_Infinity? const-decl "bool" exec nil)
      (monotonic? const-decl "bool" exec nil))
     332 140 t shostak))
   (exec_monoc 0
    (exec_monoc-1 nil 3390289218 3391517307
     ("" (skosimp)
      (("" (expand "execution?")
        (("" (use "mono_implied")
          (("" (prop)
            (("" (skosimp)
              (("" (expand "comp")
                (("" (use "comp_acomps")
                  (("" (inst -3 "i!1") (("" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((mono_implied formula-decl nil exec nil)
      (comp const-decl "[nat -> nat]" exec nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (comp_acomps formula-decl nil sliding nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (real_le_is_total_order name-judgement "(total_order?[real])"
       real_props nil)
      (execution? const-decl "bool" exec nil))
     413 230 t shostak))
   (exe 0
    (exe-1 nil 3390633406 3391517297
     ("" (skosimp)
      (("" (expand "execution?")
        (("" (prop)
          (("" (induct "n")
            (("1" (use lqall_holds_initially)
              (("1" (use lqall_is_invariant) (("1" (assert) nil nil))
                nil))
              nil)
             ("2" (skosimp)
              (("2" (inst -3 "j!1")
                (("2" (use "lqall_holds_initially")
                  (("2" (use "lqall_is_invariant")
                    (("2" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     untried
     ((nnint_plus_posint_is_posint application-judgement "posint"
       integers nil)
      (posint_plus_nnint_is_posint application-judgement "posint"
       integers nil)
      (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
      (numfield nonempty-type-eq-decl nil number_fields nil)
      (lqall_holds_initially formula-decl nil sliding nil)
      (init const-decl "state" sliding nil)
      (lqall_is_invariant formula-decl nil sliding nil)
      (nat_induction formula-decl nil naturalnumbers nil)
      (lqall const-decl "bool" sliding nil)
      (state type-eq-decl nil sliding nil)
      (Mess type-eq-decl nil sliding nil)
      (receiveBuffer? const-decl "bool" sliding nil)
      (lift type-decl nil lift_adt nil) (Item type-decl nil sliding nil)
      (pred type-eq-decl nil defined_types nil)
      (nat nonempty-type-eq-decl nil naturalnumbers nil)
      (>= const-decl "bool" reals nil)
      (bool nonempty-type-eq-decl nil booleans nil)
      (int nonempty-type-eq-decl nil integers nil)
      (integer_pred const-decl "[rational -> boolean]" integers nil)
      (rational nonempty-type-from-decl nil rationals nil)
      (rational_pred const-decl "[real -> boolean]" rationals nil)
      (real nonempty-type-from-decl nil reals nil)
      (real_pred const-decl "[number_field -> boolean]" reals nil)
      (number_field nonempty-type-from-decl nil number_fields nil)
      (number_field_pred const-decl "[number -> boolean]" number_fields
       nil)
      (boolean nonempty-type-decl nil booleans nil)
      (number nonempty-type-decl nil numbers nil)
      (execution? const-decl "bool" exec nil))
     636 340 t shostak))
   (exec_bound 0
    (exec_bound-1 nil 3390537178 3391601042
     ("" (skosimp)
      (("" (use "bounded_ok")
        (("" (assert)
          (("" (case "monotonic?(comp(xs!1))")
            (("1" (use "exe")
              (("1" (case "bounded?(down(xs!1))")
                (("1" (assert)
                  (("1" (use "bounded_ok")
                    (("1" (split)
                      (("1" (skosimp*)
                        (("1" (expand "isLimit")
                          (("1" (skosimp*)
                            (("1" (case "x!1<x!2")
                              (("1" (hide-all-but (-1 -2 -3 -4 -6))
                                (("1"
                                  (inst - "i!1+i!2+1")
                                  (("1"
                                    (inst? -5)
                                    (("1" (assert) nil nil))
                                    nil))
                                  nil))
                                nil)
                               ("2" (case "x!1=x!2")
                                (("1"
                                  (hide 1 3)
                                  (("1"
                                    (replace -1 :hide? t)
                                    (("1"
                                      (inst + "x!2")
                                      (("1"
                                        (case
                                         "bounded?(sendCnt(xs!1, x!2))")
                                        (("1"
                                          (hide 1)
                                          (("1"
                                            (use "bounded_ok")
                                            (("1"
                                              (assert)
                                              (("1"
                                                (prop)
                                                (("1"
                                                  (skosimp*)
                                                  (("1"
                                                    (expand "isLimit")
                                                    (("1"
                                                      (skosimp*)
                                                      (("1"
                                                        (inst
                                                         -
                                                         "i!1+i!2+i!3+1")
                                                        (("1"
                                                          (prop)
                                                          (("1"
                                                            (name
                                                             "ii"
                                                             "i!1+i!2+i!3+1")
                                                            (("1"
                                                              (replace
                                                               -1
                                                               :hide?
                                                               t)
                                                              (("1"
                                                                (case
                                                                 "FORALL (j:nat
 ): ii<j implies ma(xs!1(j+1)) < ma(xs!1(j))")
                                                                (("1"
                                                                  (hide-all-but
                                                                   -1)
                                                                  (("1"
                                                                    (case
                                                                     " FORALL (
 j:nat):ma(xs!1(ii+j+1)) < ma(xs!1(ii+1))")
                                                                    (("1"
                                                                      (assert)
                                                                      (("1"
                                                                        (inst?)
                                                                        (("1"
                                                                          (inst
 ?)
                                                                          (("1"
                                                                            (as
 sert)
                                                                            nil
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil)
                                                                     ("2"
                                                                      (skosimp)
                                                                      (("2"
                                                                        (inst?)
                                                                        (("2"
                                                                          (asse
 rt)
                                                                          (("2"
                                                                            (po
 stpone)
                                                                            nil
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil)
                                                                 ("2"
                                                                  (induct
                                                                   "j")
                                                                  (("1"
                                                                    (assert)
                                                                    nil
                                                                    nil)
                                                                   ("2"
                                                                    (skosimp)
                                                                    (("2"
                                                                      (inst?)
                                                                      (("2"
                                                                        (inst?)
                                                                        (("2"
                                                                          (inst
 ?)
                                                                          (("2"
                                                                            (as
 sert)
                                                                            (("
 2"
                                                                              (
 postpone)
                                                                              n
 il
                                                                              n
 il))
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil)
                                                           ("2"
                                                            (assert)
                                                            nil
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (assert)
                                                  (("2"
                                                    (use "mono_implied")
                                                    (("2"
                                                      (assert)
                                                      (("2"
                                                        (skosimp)
                                                        (("2"
                                                          (assert)
                                                          (("2"
                                                            (expand
                                                             "sendCnt")
                                                            (("2"
                                                              (assert)
                                                              (("2"
                                                                (expand
                                                                 "bounded?")
                                                                (("2"
                                                                  (skosimp*)
                                                                  (("2"
                                                                    (assert)
                                                                    (("2"
                                                                      (inst?)
                                                                      (("2"
                                                                        (inst?)
                                                                        (("2"
                                                                          (inst
 ?)
                                                                          (("2"
                                                                            (in
 st?)
                                                                            (("
 2"
                                                                              (
 inst?)
                                                                              (
 ("2"
                                                                               
  (inst?)
                                                                               
  (("2"
                                                                               
    (assert)
                                                                               
    (("2"
                                                                               
      (grind)
                                                                               
      nil
                                                                               
      nil))
                                                                               
    nil))
                                                                               
  nil))
                                                                              n
 il))
                                                                            nil
 ))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (inst?)
                                          (("2"
                                            (assert)
                                            (("2" (postpone) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (assert)
                                  (("2"
                                    (hide 1 2 4)
                                    (("2" (postpone) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (propax) nil nil) ("3" (propax) nil nil))
                      nil))
                    nil))
                  nil)
                 ("2" (assert)
                  (("2" (hide 2 3)
                    (("2" (skosimp*)
                      (("2" (expand "isLimit")
                        (("2" (skosimp*)
                          (("2" (expand "bounded?")
                            (("2" (skosimp*)
                              (("2" (inst + "x!1")
                                (("2"
                                  (skosimp)
                                  (("2"
                                    (expand "down")
                                    (("2"
                                      (inst -3 "j!1")
                                      (("2"
                                        (assert)
                                        (("2"
                                          (inst?)
                                          (("2"
                                            (inst?)
                                            (("2" (postpone) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (assert)
              (("2" (prop)
                (("1" (hide 2 3)
                  (("1" (skosimp)
                    (("1" (use "exec_monoc") (("1" (assert) nil nil))
                      nil))
                    nil))
                  nil)
                 ("2" (hide 2 3)
                  (("2" (use "exec_monoc") (("2" (assert) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     unfinished nil 396686 40320 t shostak)))
  
  
  --------------060408050603000603020500
  Content-Type: text/plain;
   name="lqallproof"
  Content-Transfer-Encoding: 7bit
  Content-Disposition: inline;
   filename="lqallproof"
  
  ;;; Proof lqall_is_invariant-2 for formula sliding.lqall_is_invariant
  ;;; developed with SHOSTAK decision procedures
  (""
   (SKOSIMP)
   (EXPAND "lqall")
   (FLATTEN)
   (SPLIT)
   (("1" (USE "lq0_kept_valid") (ASSERT)) ("2" (USE "lq1_kept_valid") (ASSERT))
    ("3" (USE "lq2_kept_valid") (ASSERT)) ("4" (USE "lq3_kept_valid") (ASSERT))
    ("5" (USE "lq4_kept_valid") (ASSERT)) ("6" (USE "lq5_kept_valid") (ASSERT))
    ("7" (USE "lq6_kept_valid") (ASSERT)) ("8" (USE "lq7_kept_valid") (ASSERT))
 ))
  
  --------------060408050603000603020500
  Content-Type: text/plain;
   name="pvsbuffer"
  Content-Transfer-Encoding: 7bit
  Content-Disposition: inline;
   filename="pvsbuffer"
  
  Starting pvs-cmulisp -qq ...
  CMU Common Lisp 19d (19D), running on iwi241
  With core: /opt/local/pvs-4.0/bin/ix86-Linux/runtime/pvs-cmulisp.core
  Dumped on: Wed, 2006-11-29 02:19:17+01:00 on photon.csl.sri.com
  See <http://www.cons.org/cmucl/> for support information.
  Loaded subsystems:
      Python 1.1, target Intel x86
      CLOS based on Gerd's PCL 2004/04/14 03:32:47
  ;;; Opening as shared library /opt/local/pvs-4.0/bin/ix86-Linux/runtime/mu.so
  ...
  ;;; Done.
  ;;; Opening as shared library /opt/local/pvs-4.0/bin/ix86-Linux/runtime/ws1s.
 so ...
  ;;; Done.
  ; Loading #P"/opt/local/pvs-4.0/bin/ix86-Linux/runtime/bdd-cmu.x86f".
  ; Loading #P"/opt/local/pvs-4.0/bin/ix86-Linux/runtime/mu-cmu.x86f".
  ; Loading #P"/opt/local/pvs-4.0/bin/ix86-Linux/runtime/dfa-foreign-cmu.x86f".
  
  * 
  * 
  
  
  
  
  lqall_is_invariant :  
  
    |-------
  {1}   FORALL (x, y: state): lqall(x) AND step(x, y) IMPLIES lqall(y)
  
  Rerunning step: (SKOSIMP)
  Skolemizing and flattening,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}  lqall(x!1)
  {-2}  step(x!1, y!1)
    |-------
  {1}   lqall(y!1)
  
  
  
  Rerunning step: (EXPAND "lqall")
  Expanding the definition of lqall,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}       lq0(x!1) AND lq1(x!1) AND lq2(x!1) AND lq3(x!1) AND lq4(x!1)
         AND lq5(x!1) AND lq6(x!1) AND lq7(x!1)
  [-2]  step(x!1, y!1)
    |-------
  {1}        lq0(y!1) AND lq1(y!1) AND lq2(y!1) AND lq3(y!1) AND lq4(y!1)
         AND lq5(y!1) AND lq6(y!1) AND lq7(y!1)
  
  
  
  Rerunning step: (FLATTEN)
  Applying disjunctive simplification to flatten sequent,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}  lq0(x!1)
  {-2}  lq1(x!1)
  {-3}  lq2(x!1)
  {-4}  lq3(x!1)
  {-5}  lq4(x!1)
  {-6}  lq5(x!1)
  {-7}  lq6(x!1)
  {-8}  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]        lq0(y!1) AND lq1(y!1) AND lq2(y!1) AND lq3(y!1) AND lq4(y!1)
         AND lq5(y!1) AND lq6(y!1) AND lq7(y!1)
  
  
  
  Rerunning step: (SPLIT)
  Splitting conjunctions,
  this yields  8 subgoals: 
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq0(y!1)
  
  
  
  Rerunning step: (USE LQ0_KEPT_VALID)
  The following errors occurred within the strategy:
  
  Expecting a formula or constant
  No resolution for LQ0_KEPT_VALID
  
  Couldn't find a definition or lemma named LQ0_KEPT_VALID
  
  No change on: (USE LQ0_KEPT_VALID)
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq0(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  this simplifies to: 
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq0(y!1)
  
  
  
  ***Warning: Fewer subproofs (0) than subgoals (1)
  No change on: (SKIP)
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq0(y!1)
  
  Postponing lqall_is_invariant.1.
  
  lqall_is_invariant.2 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq1(y!1)
  
  
  
  Rerunning step: (USE LQ1_KEPT_VALID)
  The following errors occurred within the strategy:
  
  Expecting a formula or constant
  No resolution for LQ1_KEPT_VALID
  
  Couldn't find a definition or lemma named LQ1_KEPT_VALID
  
  No change on: (USE LQ1_KEPT_VALID)
  lqall_is_invariant.2 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq1(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  this simplifies to: 
  lqall_is_invariant.2 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq1(y!1)
  
  
  
  ***Warning: Fewer subproofs (0) than subgoals (1)
  No change on: (SKIP)
  lqall_is_invariant.2 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq1(y!1)
  
  Postponing lqall_is_invariant.2.
  
  lqall_is_invariant.3 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq2(y!1)
  
  
  
  Rerunning step: (USE LQ2_KEPT_VALID)
  The following errors occurred within the strategy:
  
  Expecting a formula or constant
  No resolution for LQ2_KEPT_VALID
  
  Couldn't find a definition or lemma named LQ2_KEPT_VALID
  
  No change on: (USE LQ2_KEPT_VALID)
  lqall_is_invariant.3 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq2(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  this simplifies to: 
  lqall_is_invariant.3 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq2(y!1)
  
  
  
  ***Warning: Fewer subproofs (0) than subgoals (1)
  No change on: (SKIP)
  lqall_is_invariant.3 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq2(y!1)
  
  Postponing lqall_is_invariant.3.
  
  lqall_is_invariant.4 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq3(y!1)
  
  
  
  Rerunning step: (USE LQ3_KEPT_VALID)
  The following errors occurred within the strategy:
  
  Expecting a formula or constant
  No resolution for LQ3_KEPT_VALID
  
  Couldn't find a definition or lemma named LQ3_KEPT_VALID
  
  No change on: (USE LQ3_KEPT_VALID)
  lqall_is_invariant.4 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq3(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  this simplifies to: 
  lqall_is_invariant.4 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq3(y!1)
  
  
  
  ***Warning: Fewer subproofs (0) than subgoals (1)
  No change on: (SKIP)
  lqall_is_invariant.4 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq3(y!1)
  
  Postponing lqall_is_invariant.4.
  
  lqall_is_invariant.5 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq4(y!1)
  
  
  
  Rerunning step: (USE LQ4_KEPT_VALID)
  The following errors occurred within the strategy:
  
  Expecting a formula or constant
  No resolution for LQ4_KEPT_VALID
  
  Couldn't find a definition or lemma named LQ4_KEPT_VALID
  
  No change on: (USE LQ4_KEPT_VALID)
  lqall_is_invariant.5 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq4(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  this simplifies to: 
  lqall_is_invariant.5 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq4(y!1)
  
  
  
  ***Warning: Fewer subproofs (0) than subgoals (1)
  No change on: (SKIP)
  lqall_is_invariant.5 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq4(y!1)
  
  Postponing lqall_is_invariant.5.
  
  lqall_is_invariant.6 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq5(y!1)
  
  
  
  Rerunning step: (USE "lq5_kept_valid")
  Using lemma lq5_kept_valid,
  this simplifies to: 
  lqall_is_invariant.6 :  
  
  {-1}  lq5(x!1) AND step(x!1, y!1) AND lq6(x!1) IMPLIES lq5(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq5(y!1)
  
  
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  
  
  This completes the proof of lqall_is_invariant.6.
  
  lqall_is_invariant.7 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq6(y!1)
  
  
  
  Rerunning step: (USE "lq6_kept_valid")
  Using lemma lq6_kept_valid,
  this simplifies to: 
  lqall_is_invariant.7 :  
  
  {-1}  lq6(x!1) AND step(x!1, y!1) AND lq4(x!1) IMPLIES lq6(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq6(y!1)
  
  
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  
  
  This completes the proof of lqall_is_invariant.7.
  
  lqall_is_invariant.8 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq7(y!1)
  
  
  
  Rerunning step: (USE "lq7_kept_valid")
  Using lemma lq7_kept_valid,
  this simplifies to: 
  lqall_is_invariant.8 :  
  
  {-1}  lq7(x!1) AND step(x!1, y!1) AND lq4(x!1) IMPLIES lq7(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq7(y!1)
  
  
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  
  
  This completes the proof of lqall_is_invariant.8.
  
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]   lq0(y!1)
  
  
  
  Rule? (quit)
  
  Do you really want to quit?  (Y or N): y
  
  
  
  Would you like the proof to be saved? (Yes or No) no
  
  Run time  = 0.141 secs.
  Real time = 1.761 secs.
  
  NIL
  * ;;;
  
  lqall_is_invariant :  
  
    |-------
  {1}   FORALL (x, y: state): lqall(x) AND step(x, y) IMPLIES lqall(y)
  
  Rerunning step: (SKOSIMP)
  Skolemizing and flattening,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}  lqall(x!1)
  {-2}  step(x!1, y!1)
    |-------
  {1}   lqall(y!1)
  
  Rerunning step: (EXPAND "lqall")
  Expanding the definition of lqall,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}       lq0(x!1) AND lq1(x!1) AND lq2(x!1) AND lq3(x!1) AND lq4(x!1)
         AND lq5(x!1) AND lq6(x!1) AND lq7(x!1)
  [-2]  step(x!1, y!1)
    |-------
  {1}        lq0(y!1) AND lq1(y!1) AND lq2(y!1) AND lq3(y!1) AND lq4(y!1)
         AND lq5(y!1) AND lq6(y!1) AND lq7(y!1)
  
  Rerunning step: (FLATTEN)
  Applying disjunctive simplification to flatten sequent,
  this simplifies to: 
  lqall_is_invariant :  
  
  {-1}  lq0(x!1)
  {-2}  lq1(x!1)
  {-3}  lq2(x!1)
  {-4}  lq3(x!1)
  {-5}  lq4(x!1)
  {-6}  lq5(x!1)
  {-7}  lq6(x!1)
  {-8}  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  [1]        lq0(y!1) AND lq1(y!1) AND lq2(y!1) AND lq3(y!1) AND lq4(y!1)
         AND lq5(y!1) AND lq6(y!1) AND lq7(y!1)
  
  Rerunning step: (SPLIT)
  Splitting conjunctions,
  this yields  8 subgoals: 
  lqall_is_invariant.1 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq0(y!1)
  
  Rerunning step: (USE "lq0_kept_valid")
  Using lemma lq0_kept_valid,
  this simplifies to: 
  lqall_is_invariant.1 :  
  
  {-1}  lq0(x!1) AND step(x!1, y!1) AND lq1(x!1) AND lq3(x!1) IMPLIES lq0(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq0(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.1.
  
  lqall_is_invariant.2 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq1(y!1)
  
  Rerunning step: (USE "lq1_kept_valid")
  Using lemma lq1_kept_valid,
  this simplifies to: 
  lqall_is_invariant.2 :  
  
  {-1}  lq1(x!1) AND step(x!1, y!1) IMPLIES lq1(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq1(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.2.
  
  lqall_is_invariant.3 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq2(y!1)
  
  Rerunning step: (USE "lq2_kept_valid")
  Using lemma lq2_kept_valid,
  this simplifies to: 
  lqall_is_invariant.3 :  
  
  {-1}  lq2(x!1) AND step(x!1, y!1) IMPLIES lq2(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq2(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.3.
  
  lqall_is_invariant.4 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq3(y!1)
  
  Rerunning step: (USE "lq3_kept_valid")
  Using lemma lq3_kept_valid,
  this simplifies to: 
  lqall_is_invariant.4 :  
  
  {-1}  lq3(x!1) AND step(x!1, y!1) AND lq1(x!1) IMPLIES lq3(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq3(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.4.
  
  lqall_is_invariant.5 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq4(y!1)
  
  Rerunning step: (USE "lq4_kept_valid")
  Using lemma lq4_kept_valid,
  this simplifies to: 
  lqall_is_invariant.5 :  
  
  {-1}  lq4(x!1) AND step(x!1, y!1) AND lq2(x!1) IMPLIES lq4(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq4(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.5.
  
  lqall_is_invariant.6 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq5(y!1)
  
  Rerunning step: (USE "lq5_kept_valid")
  Using lemma lq5_kept_valid,
  this simplifies to: 
  lqall_is_invariant.6 :  
  
  {-1}  lq5(x!1) AND step(x!1, y!1) AND lq6(x!1) IMPLIES lq5(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq5(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.6.
  
  lqall_is_invariant.7 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq6(y!1)
  
  Rerunning step: (USE "lq6_kept_valid")
  Using lemma lq6_kept_valid,
  this simplifies to: 
  lqall_is_invariant.7 :  
  
  {-1}  lq6(x!1) AND step(x!1, y!1) AND lq4(x!1) IMPLIES lq6(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq6(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.7.
  
  lqall_is_invariant.8 :  
  
  [-1]  lq0(x!1)
  [-2]  lq1(x!1)
  [-3]  lq2(x!1)
  [-4]  lq3(x!1)
  [-5]  lq4(x!1)
  [-6]  lq5(x!1)
  [-7]  lq6(x!1)
  [-8]  lq7(x!1)
  [-9]  step(x!1, y!1)
    |-------
  {1}   lq7(y!1)
  
  Rerunning step: (USE "lq7_kept_valid")
  Using lemma lq7_kept_valid,
  this simplifies to: 
  lqall_is_invariant.8 :  
  
  {-1}  lq7(x!1) AND step(x!1, y!1) AND lq4(x!1) IMPLIES lq7(y!1)
  [-2]  lq0(x!1)
  [-3]  lq1(x!1)
  [-4]  lq2(x!1)
  [-5]  lq3(x!1)
  [-6]  lq4(x!1)
  [-7]  lq5(x!1)
  [-8]  lq6(x!1)
  [-9]  lq7(x!1)
  [-10] step(x!1, y!1)
    |-------
  [1]   lq7(y!1)
  
  Rerunning step: (ASSERT)
  Simplifying, rewriting, and recording with decision procedures,
  
  This completes the proof of lqall_is_invariant.8.
  
  Q.E.D.
  
  
  Would you like the proof to be saved? (Yes or No) no
  
  Run time  = 0.064 secs.
  Real time = 4.734 secs.
  
  
  File-error in function DELETE-FILE:
     "/net/users/wim/whcur/Ikram/Exercises/sliding.prf.~NIL~" doesn't exist.
     [Condition of type KERNEL:SIMPLE-FILE-ERROR]
  
  Restarts:
    0: [ABORT] Return to Top-Level.
  
  Debug  (type H for help)
  
  (DELETE-FILE "/net/users/wim/whcur/Ikram/Exercises/sliding.prf.~NIL~")
  Source: Error finding source: 
  Error in function DEBUG::GET-FILE-TOP-LEVEL-FORM:  Source file no longer exis
 ts:
    target:code/filesys.lisp.
  0] 
  
  --------------060408050603000603020500
  Content-Type: text/plain;
   name="pvsmess"
  Content-Transfer-Encoding: 7bit
  Content-Disposition: inline;
   filename="pvsmess"
  
  Loading advice...done
  Loading pvs-utils...done
  Loading pvs-cmds...done
  Loading pvs-prelude-files-and-regions (source)...done
  Loading pvs-print...done
  Loading pvs-prover...done
  Loading pvs-abbreviations...done
  Loading pvs-menu...done
  Loading pvs-tcl...
  Loading easy-mmode...done
  Loading pvs-tcl...done
  Loading pvs-prover-helps...done
  Loading pvs-eval...done
  Loading pvs-pvsio (source)...done
  Initializing PVS: please wait...
  cmulisp-local-source-directory not set. [2 times]
  Started initializing ILISP
  Finished initializing pvscmulisp
  Context changed to ~/whcur/Ikram/Exercises/
  Loading ~/.pvsemacs...done
  Ready
  Loading pvs-load...done
  Files in library PVSHOME/ will be ignored
  Skipping PVSHOME/.pvs.lisp
  Undumping ~//whcur/Ikram/Exercises/sliding.pvs
  Wrote /net/users/wim/whcur/Ikram/Exercises/sliding.pvs
  Undumping ~//whcur/Ikram/Exercises/sliding.prf
  Wrote /net/users/wim/whcur/Ikram/Exercises/sliding.prf
  Undumping ~//whcur/Ikram/Exercises/exec.pvs
  Wrote /net/users/wim/whcur/Ikram/Exercises/exec.pvs
  Undumping ~//whcur/Ikram/Exercises/exec.prf
  Wrote /net/users/wim/whcur/Ikram/Exercises/exec.prf
  Finished undumping ~/whcur/Ikram/Exercises/dumpexec
  Mark set
  Parsing sliding
  sliding parsed in 0.27 seconds
  Typechecking sliding
  sliding typechecked in 1.38s: 12 TCCs, 0 proved, 2 subsumed, 10 unproved
  Loading cl-extra...done
  Mark set
  Replaced 5 occurrences
  if: Quit
  
  Proof installed on lqall_is_invariant as lqall_is_invariant-3
  
  comint-get-source: Quit
  Wrote /net/users/wim/whcur/Ikram/Exercises/lqallproof
  lisp-send-region: Region is empty
  Wrote /net/users/wim/whcur/Ikram/Exercises/pvsbuffer
  Mark set [2 times]
  
  --------------060408050603000603020500--

How-To-Repeat: 

Fix: 
Home Intro Announce FAQ Docs Download Mail Status Bugs Users Related FM Tools