%% PVS Version 3.1
%% 6.2 [Linux (x86)] (Feb 13, 2003 4:25)
$$$sporadic_tasks.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Sporadic tasks
%
%  Parameterised theory giving response-time bounds and two
%  schedulability criteria for a fixed set of sporadic tasks.
%
%  - tasks are in [0..nbtasks-1]
%  - prio(i): priority of task i
%  - jobs are pairs (i, n) where i is a task, n is nat
%  - prio of a job = prio of its task
%
%  C(i): max length of jobs of task i
%  T(i): min delay between two successive jobs of i
%  D(i): deadline for each job of i (relative to its dispatch,
%        see deadline(j) below)
%
%  B(p): upper bound on blocking time for jobs of
%        priority >= p
%
%  dispatch(j): start of job j
%  prog(j): program for job j
%
%  NOTE(review): every result below is conditional on the ASSUMING
%  clause.  An instantiation of this theory must discharge each
%  ASSUMPTION for its actual parameters; the schedulability
%  propositions say nothing about a system in which, for example,
%  jobs can be released closer together than T(i) or run longer
%  than C(i).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

sporadic_tasks [
    nbtasks: posnat,
    % task and job depend on nbtasks, hence the importing inside the
    % formal parameter list.
    (IMPORTING programs, tasks_and_jobs[nbtasks])
    prio: [task -> priority],
    C, T, D: [task -> posnat],
    B: [priority -> nat],
    dispatch: [job -> nat],
    prog: [job -> prog] ]: THEORY

  BEGIN

  %---------------------------------------------------------------
  %  Assumptions on the actual parameters.
  %---------------------------------------------------------------
  ASSUMING

  i: VAR task   % below(nbtasks)
  n, m: VAR nat
  p: VAR priority
  j: VAR job    % [task, nat]
  s: VAR semaphore

  % Lets prio be applied to a job written as a pair (i, n).
  prio(i, n): MACRO priority = prio(i)

  % Successive jobs of the same task are dispatched at least T(i)
  % apart.
  good_dispatch: ASSUMPTION dispatch(i, n) + T(i) <= dispatch(i, n + 1)

  % No job of task i has a program longer than C(i).
  bound_length: ASSUMPTION length(prog(i, n)) <= C(i)

  % B(p) bounds max_cs(prog(j), p) for every job of priority below p.
  % max_cs is defined in an imported theory; presumably the longest
  % critical section of prog(j) that can block priority p -- confirm
  % against its definition.
  blocking: ASSUMPTION prio(j) < p IMPLIES max_cs(prog(j), p) <= B(p)

  % A job's priority never exceeds the ceiling of a semaphore it uses.
  good_ceiling: ASSUMPTION
        member(s, resources(prog(j))) IMPLIES prio(j) <= ceil(s)

  % well_behaved is defined in an imported theory.
  good_programs: ASSUMPTION well_behaved(prog(j))

  IMPORTING fsets_sum

  % Total utilisation over all tasks is strictly below 1.
  cpu_usage: ASSUMPTION sum(fullset[task], lambda i: C(i)/T(i)) < 1

  % Some task has priority maxprio - 1.  The recorded proof of
  % A_nonempty uses this assumption.
  topprio_is_used: ASSUMPTION EXISTS i: prio(i) = maxprio - 1

  ENDASSUMING

  %% prio(j): priority = prio(j`1)

  % The proof file discharges the two obligations of this importing
  % (IMP_traces_TCC1, IMP_traces_TCC2) with good_ceiling and
  % good_programs.
  IMPORTING traces[job, prio, dispatch, prog], ceiling_equations, schedules3

  u: VAR trace
  t, t1, t2: VAR nat

  %-----------------------------------------
  %  Properties of dispatch, blocking, etc.
  %-----------------------------------------

  % The first two lemmas extend good_dispatch from consecutive jobs
  % to arbitrary pairs of jobs of the same task.
  dispatch_delay: LEMMA dispatch(i, n + m) - dispatch(i, m) >= n * T(i)

  increasing_dispatch: LEMMA
        n < m IMPLIES dispatch(i, n) + T(i) <= dispatch(i, m)

  % blocking(u, p, t) is the function from the imported theories,
  % not the ASSUMPTION of the same name above.
  blocking_bound: LEMMA blocking(u, p, t) <= B(p)

  process_time_bound: LEMMA process_time(sch(u), t1, t2, j) <= C(j`1)

  finished_prop: LEMMA
        process_time(sch(u), t1, t2, j) = C(j`1) IMPLIES finished(u, j, t2)

  %----------------------------------------------------------------
  %  K(p, t1, t2): jobs of priority >= p dispatched in [t1, t2)
  %  L(i, t1, t2): jobs of task i dispatched in [t1, t2)
  %  A(p):         tasks of priority >= p
  %----------------------------------------------------------------

  K(p, t1, t2): set[job] =
        { j | prio(j) >= p AND t1 <= dispatch(j) AND dispatch(j) < t2 }

  L(i, t1, t2): set[job] =
        { j | j`1 = i AND t1 <= dispatch(j) AND dispatch(j) < t2 }

  A(p): set[task] = { i | prio(i) >= p }

  % K splits into the per-task sets L(i, t1, t2) for i in A(p).
  partition_K: LEMMA partition(K(p, t1, t2))(A(p), lambda i: L(i, t1, t2))

  A_nonempty: JUDGEMENT A(p) HAS_TYPE non_empty_finite_set[task]

  %-------------------------------
  %  The sets L and K are finite
  %-------------------------------

  % L(i, t1, t2) injects into below(ceiling((t2 - t1) / T(i))); the
  % recorded proof uses floor((dispatch(j) - t1) / T(i)) as the
  % injection.
  % NOTE(review): both proofs of this lemma in the .prf have status
  % "proved" rather than "proved-complete", and the newer one carries
  % the remark "Needs an extra apply-extensionality".  Re-run the
  % proof chain before relying on L_finite and card_L.
  injection_prop: LEMMA
        t1 <= t2 AND n = ceiling((t2 - t1) / T(i)) IMPLIES
           EXISTS (h: [(L(i, t1, t2)) -> below(n)]): injective?(h)

  L_finite: JUDGEMENT L(i, t1, t2) HAS_TYPE finite_set[job]

  card_L: LEMMA
        t1 <= t2 IMPLIES card(L(i, t1, t2)) <= ceiling((t2 - t1)/ T(i))

  K_finite: JUDGEMENT K(p, t1, t2) HAS_TYPE finite_set[job]

  bound_L: LEMMA
        L(i, t1, t2)(j) IMPLIES process_time(sch(u), t1, t2, j) <= C(i)

  finished_L: LEMMA
        L(i, t1, t2)(j) AND process_time(sch(u), t1, t2, j) = C(i)
           IMPLIES finished(u, j, t2)

  % Upper bound on the processing time given to jobs of task i
  % dispatched in [t1, t2).
  process_time_L: LEMMA
        t1 <= t2 IMPLIES
           process_time(sch(u), t1, t2, L(i, t1, t2))
              <= C(i) * ceiling((t2 - t1)/ T(i))

  % If that bound is reached, every job in the set has finished by t2.
  max_process_time_L: LEMMA
        t1 <= t2 AND member(j, L(i, t1, t2)) AND
        process_time(sch(u), t1, t2, L(i, t1, t2))
           = C(i) * ceiling((t2 - t1)/ T(i))
           IMPLIES finished(u, j, t2)

  % The same two statements for K, summing over the tasks in A(p).
  process_time_K: LEMMA
        t1 <= t2 IMPLIES
           process_time(sch(u), t1, t2, K(p, t1, t2))
              <= sum(A(p), lambda i: C(i) * ceiling((t2 - t1)/T(i)))

  max_process_time_K: LEMMA
        t1 < t2 AND member(j, K(p, t1, t2)) AND
        process_time(sch(u), t1, t2, K(p, t1, t2))
           = sum(A(p), lambda i: C(i) * ceiling((t2 - t1)/T(i)))
           IMPLIES finished(u, j, t2)

  %--------------------------------------------------------------
  %  Quiet time: time t such that all jobs of priority >= p
  %  dispatched strictly before t are finished at t
  %--------------------------------------------------------------

  quiet(u, p, t): bool =
        FORALL j: dispatch(j) < t AND prio(j) >= p IMPLIES finished(u, j, t)

  % busy is not defined in this theory; it comes from an import.
  not_busy_quiet: LEMMA not busy(u, p, t) IMPLIES quiet(u, p, t)

  quiet_step: LEMMA
        quiet(u, p, t) AND not busy(u, p, t) IMPLIES quiet(u, p, t+1)

  zero_is_quiet: LEMMA quiet(u, p, 0)

  % K(p) with a single argument is not defined in this theory;
  % presumably the set of all jobs of priority >= p from an imported
  % theory -- confirm there.
  busy_interval: LEMMA
        quiet(u, p, t1) AND t1 <= t2 IMPLIES
           process_time(sch(u), t1, t2, K(p, t1, t2))
              = process_time(sch(u), t1, t2, K(p))

  busy_interval2: LEMMA
        quiet(u, p, t1) AND t1 <= t2 IMPLIES
           process_time(sch(u), t1, t2, K(p))
              <= sum(A(p), lambda i: C(i) * ceiling((t2 - t1)/T(i)))

  %-----------------------------------------------------------------
  %  - M(p): smallest solution of the equation
  %      B_p + sum_{prio(i) >= p} C_i * ceiling(x / T_i) = x
  %    (the sum ranges over A(p), i.e. tasks of priority >= p)
  %-----------------------------------------------------------------

  x: VAR posreal
  d: VAR posnat

  % x solves the equation for priority p.
  bound(x, p): bool =
        sum(A(p), lambda i: C(i) * ceiling(x / T(i))) + B(p) = x

  partial_cpu_usage: LEMMA sum(A(p), lambda i: C(i)/T(i)) < 1

  % A least solution exists and is a positive natural number.
  smallest_bound: LEMMA
        EXISTS d: bound(d, p) AND (FORALL x: bound(x, p) IMPLIES d <= x)

  % M(p) is declared as a constant of the subtype of least solutions;
  % it is not given a defining expression here.
  M(p): { d | bound(d, p) AND FORALL x: bound(x, p) IMPLIES d <= x }

  solution_prop: LEMMA
        sum(A(p), lambda i: C(i) * ceiling(M(p)/T(i))) = M(p) - B(p)

  %----------------
  %  Busy periods
  %----------------

  % [t1, t2) is a busy period: quiet at both ends, busy at t1, and
  % not quiet at any time strictly in between.
  busy_period(u, p, t1, t2): bool =
        t1 < t2 AND busy(u, p, t1) AND quiet(u, p, t1) AND quiet(u, p, t2)
        AND FORALL t: t1 < t AND t < t2 IMPLIES not quiet(u, p, t)

  busy_period_prop: LEMMA
        busy_period(u, p, t1, t2) AND t1 <= t AND t < t2 IMPLIES busy(u, p, t)

  %----------------------------------------
  %  Bound on the length of busy periods
  %----------------------------------------

  % From any quiet time, another quiet time follows within M(p).
  critical_interval: PROPOSITION
        quiet(u, p, t1) IMPLIES
           EXISTS t2: t1 < t2 AND t2 <= t1 + M(p) AND quiet(u, p, t2)

  delay_to_quiet_time: LEMMA
        FORALL t: EXISTS t2: quiet(u, p, t2) AND t < t2 AND t2 <= t + M(p)

  busy_period_length: LEMMA
        busy_period(u, p, t1, t2) IMPLIES t2 - t1 <= M(p)

  job_in_busy_period: LEMMA
        prio(j) = p IMPLIES
           EXISTS t1, t2: t1 <= dispatch(j) AND dispatch(j) < t2
              AND busy_period(u, p, t1, t2)

  %---------------------------
  %  First termination bound
  %---------------------------

  % A job of priority p finishes within M(p) of its dispatch, in
  % every trace u.
  termination1: PROPOSITION
        prio(j) = p IMPLIES finished(u, j, dispatch(j) + M(p))

  %------------------------------------------------------
  %  First schedulability criterion: M(prio(i)) <= D(i)
  %------------------------------------------------------

  % Absolute deadline of job j.
  deadline(j): nat = dispatch(j) + D(j`1)

  schedulability1: PROPOSITION
        (FORALL i: M(prio(i)) <= D(i)) IMPLIES
           (FORALL u, j: finished(u, j, deadline(j)))

  %------------------------------------------------------
  %  Schedulability criterion in the more standard case
  %  - one task per priority
  %  - deadline before period
  %------------------------------------------------------

  l, l1, l2: VAR task
  % M is overloaded from here on: this variable of type posnat, and
  % the constant M(p) declared above.
  M: VAR posnat

  % Tasks of strictly higher priority than i.
  H(i): set[task] = { l | prio(l) > prio(i) }

  % Tasks of the same priority as i.  No formula in this theory
  % refers to J.
  J(i): set[task] = { l | prio(l) = prio(i) }

  % Overloads B on tasks: the blocking bound at the task's priority.
  B(i): nat = B(prio(i))

  % The three hypotheses are: distinct tasks have distinct
  % priorities, every deadline is at most the period, and for each
  % task some M <= D(i) solves the equation over H(i).
  schedulability_criterion: PROPOSITION
        (FORALL l1, l2: prio(l1) = prio(l2) IMPLIES l1 = l2)
        AND (FORALL i: D(i) <= T(i))
        AND (FORALL i: EXISTS M:
               sum(H(i), lambda l: C(l) * ceiling(M / T(l))) + B(i) + C(i) = M
               AND M <= D(i))
        IMPLIES (FORALL u, j: finished(u, j, deadline(j)))

  END sporadic_tasks

$$$sporadic_tasks.prf
(sporadic_tasks (IMP_traces_TCC1 0 (IMP_traces_TCC1-1 nil 3243372903 3243372913 ("" (lemma "good_ceiling") (("" (expand "prio") (("" (propax) nil nil)) nil)) nil) proved-complete ((good_ceiling formula-decl nil sporadic_tasks nil)) 66 70 nil nil)) (IMP_traces_TCC2 0 (IMP_traces_TCC2-1 nil 3243372903 3243372913 ("" (lemma "good_programs") (("" (propax) nil nil)) nil) 
proved-complete ((good_programs formula-decl nil sporadic_tasks nil)) 19 20 nil nil)) (dispatch_delay 0 (dispatch_delay-1 nil 3243372903 3243372914 ("" (skolem + ("i!1" "m!1" _)) (("" (induct-and-simplify "n") (("" (use "good_dispatch") (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((nat_induction formula-decl nil naturalnumbers nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (good_dispatch formula-decl nil sporadic_tasks nil)) 822 710 nil nil)) (increasing_dispatch 0 (increasing_dispatch-1 nil 3243372903 3243372915 ("" (skosimp) (("" (use "dispatch_delay" ("m" "n!1" "n" "m!1 - n!1")) (("1" (use 
"both_sides_times_pos_le1" ("pz" "T(i!1)" "x" "n!1 + 1" "y" "m!1")) (("1" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil) proved-complete ((dispatch_delay formula-decl nil sporadic_tasks nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (both_sides_times_pos_le1 formula-decl nil real_props nil)) 591 540 nil nil)) (blocking_bound 0 (blocking_bound-1 nil 3243372903 3243372915 ("" (skolem!) 
(("" (expand "blocking") (("" (smash) (("" (rewrite "blocking") (("" (use "blocker_prio2") (("" (rewrite "prio" :dir rl) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete (nil (blocking formula-decl nil sporadic_tasks nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" 
equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (set type-eq-decl nil sets nil) (empty? const-decl "bool" sets nil) nil nil (blocker_prio2 formula-decl nil traces nil)) 257 230 nil nil)) (process_time_bound 0 (process_time_bound-1 nil 3243372903 3243372915 ("" (skolem!) (("" (case "t1!1 <= t2!1") (("1" (rewrite "process_time2") (("1" (use "bound_length" ("n" "j!1`2")) (("1" (assert) nil nil)) nil)) nil) ("2" (auto-rewrite "process_time" "sum") (("2" (assert) nil nil)) nil)) nil)) nil) proved-complete ((nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (<= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (bound_length formula-decl nil sporadic_tasks nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (job nonempty-type-eq-decl nil 
tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (process_time2 formula-decl nil traces nil) (sum def-decl "nat" sum_sequences nil) nil nil) 422 370 nil nil)) (finished_prop 0 (finished_prop-1 nil 3243372903 3243372916 ("" (skosimp) (("" (case "t1!1 <= t2!1") (("1" (rewrite "process_time2") (("1" (rewrite "finished_equiv") (("1" (use "bound_length" ("n" "j!1`2")) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (auto-rewrite "process_time" "sum") (("2" (assert) nil nil)) nil)) nil)) nil) proved-complete ((nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (<= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) 
(boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (finished_equiv formula-decl nil traces nil) (bound_length formula-decl nil sporadic_tasks nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (process_time2 formula-decl nil traces nil) (sum def-decl "nat" sum_sequences nil) nil nil) 430 360 nil nil)) (partition_K 0 (partition_K-1 nil 3243372903 3243372916 ("" (grind) (("" (apply-extensionality :hide? 
t) nil nil)) nil) proved-complete ((union const-decl "set[U]" indexed_partitions nil) (K const-decl "set[job]" sporadic_tasks nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (A const-decl "set[task]" sporadic_tasks nil) (set type-eq-decl nil sets nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (< const-decl "bool" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (partition const-decl "bool" indexed_partitions nil) (disjoint? const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (member const-decl "bool" sets nil) (L const-decl "set[job]" sporadic_tasks nil)) 620 510 nil nil)) (A_nonempty 0 (A_nonempty-1 nil 3243372903 3243372916 ("" (skolem!) (("" (lemma "topprio_is_used") (("" (grind :if-match nil) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((topprio_is_used formula-decl nil sporadic_tasks nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (< const-decl "bool" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (empty? const-decl "bool" sets nil) (member const-decl "bool" sets nil) (A const-decl "set[task]" sporadic_tasks nil)) 181 180 nil nil)) (injection_prop 0 (injection_prop-2 "Needs an extra apply-extensionality. Check with Shankar's fix of ASSERT." 3243373647 3243690910 ("" (skosimp) (("" (inst + "lambda (j: (L(i!1, t1!1, t2!1))): floor((dispatch(j) - t1!1)/T(i!1))") (("1" (grind) (("1" (apply-extensionality :hide? 
t) (("1" (delete -2 -3 -5 -6 -7 -8) (("1" (auto-rewrite "div_simp") (("1" (use "increasing_dispatch" ("n" "x1!1`2" "m" "x2!1`2")) (("1" (use "increasing_dispatch" ("n" "x2!1`2" "m" "x1!1`2")) (("1" (case-replace "(i!1, x1!1`2) = x1!1") (("1" (case-replace "(i!1, x2!1`2) = x2!1") (("1" (delete -1 -2) (("1" (ground) (("1" (use "both_sides_div_pos_le1" ("pz" "T(i!1)" "x" "T(i!1) + dispatch(x2!1)" "y" "dispatch(x1!1)")) (("1" (rewrite "div_distributes" -1 :dir rl) (("1" (assert) nil nil)) nil)) nil) ("2" (use "both_sides_div_pos_le1" ("pz" "T(i!1)" "x" "T(i!1) + dispatch(x1!1)" "y" "dispatch(x2!1)")) (("2" (rewrite "div_distributes" -1 :dir rl) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (skolem-typepred) (("2" (expand "L") (("2" (ground) (("1" (use "pos_div_ge" ("x" "dispatch(j!1) - t1!1")) (("1" (assert) nil nil)) nil) ("2" (use "both_sides_div_pos_lt1" ("pz" "T(i!1)" "x" "dispatch(j!1) - t1!1" "y" "t2!1 - t1!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((n!1 skolem-const-decl "nat" sporadic_tasks nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (floor const-decl "{i | i <= x & x < i + 1}" floor_ceil nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (<= const-decl "bool" reals nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (t2!1 skolem-const-decl "nat" sporadic_tasks nil) (t1!1 skolem-const-decl "nat" sporadic_tasks nil) (i!1 skolem-const-decl "task[nbtasks]" sporadic_tasks nil) (L const-decl "set[job]" 
sporadic_tasks nil) (set type-eq-decl nil sets nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (below type-eq-decl nil naturalnumbers nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_distributes formula-decl nil real_props nil) (div_simp formula-decl nil real_props nil) (both_sides_div_pos_le1 formula-decl nil real_props nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (= const-decl "[T, T -> boolean]" equalities nil) (increasing_dispatch formula-decl nil sporadic_tasks nil) (NOT const-decl "[bool -> bool]" booleans nil) (injective? const-decl "bool" functions nil) (both_sides_div_pos_lt1 formula-decl nil real_props nil) (pos_div_ge formula-decl nil real_props nil)) 33818 8340 t shostak) (injection_prop-1 nil 3243372903 3243372919 ("" (skosimp) (("" (inst + "lambda (j: (L(i!1, t1!1, t2!1))): floor((dispatch(j) - t1!1)/T(i!1))") (("1" (grind) (("1" (apply-extensionality :hide? 
t) (("1" (delete -2 -3 -5 -6 -7 -8) (("1" (auto-rewrite "div_simp") (("1" (use "increasing_dispatch" ("n" "x1!1`2" "m" "x2!1`2")) (("1" (use "increasing_dispatch" ("n" "x2!1`2" "m" "x1!1`2")) (("1" (case-replace "(i!1, x1!1`2) = x1!1") (("1" (case-replace "(i!1, x2!1`2) = x2!1") (("1" (delete -1 -2) (("1" (ground) (("1" (use "both_sides_div_pos_le1" ("pz" "T(i!1)" "x" "T(i!1) + dispatch(x2!1)" "y" "dispatch(x1!1)")) (("1" (rewrite "div_distributes" -1 :dir rl) (("1" (assert) nil nil)) nil)) nil) ("2" (use "both_sides_div_pos_le1" ("pz" "T(i!1)" "x" "T(i!1) + dispatch(x1!1)" "y" "dispatch(x2!1)")) (("2" (rewrite "div_distributes" -1 :dir rl) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (skolem-typepred) (("2" (expand "L") (("2" (ground) (("1" (use "pos_div_ge" ("x" "dispatch(j!1) - t1!1")) (("1" (assert) nil nil)) nil) ("2" (use "both_sides_div_pos_lt1" ("pz" "T(i!1)" "x" "dispatch(j!1) - t1!1" "y" "t2!1 - t1!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved (nil (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (floor const-decl "{i | i <= x & x < i + 1}" floor_ceil nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (<= const-decl "bool" reals nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) nil nil nil (L const-decl "set[job]" sporadic_tasks nil) (set type-eq-decl nil sets nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" 
sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (below type-eq-decl nil naturalnumbers nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_distributes formula-decl nil real_props nil) (div_simp formula-decl nil real_props nil) (both_sides_div_pos_le1 formula-decl nil real_props nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (= const-decl "[T, T -> boolean]" equalities nil) (increasing_dispatch formula-decl nil sporadic_tasks nil) (NOT const-decl "[bool -> bool]" booleans nil) (injective? const-decl "bool" functions nil) (both_sides_div_pos_lt1 formula-decl nil real_props nil) (pos_div_ge formula-decl nil real_props nil)) 2410 2180 nil nil)) (L_finite 0 (L_finite-1 nil 3243372903 3243372919 ("" (skolem!) (("" (case "t1!1 <= t2!1") (("1" (assert) (("1" (expand "is_finite") (("1" (name "n!1" "ceiling((t2!1 - t1!1) / T(i!1))") (("1" (use "pos_div_ge") (("1" (assert) (("1" (use "injection_prop" ("n" "n!1")) (("1" (assert) (("1" (skolem!) 
(("1" (inst + "n!1" "h!1") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (case-replace "L(i!1, t1!1, t2!1) = emptyset") (("1" (assert) nil nil) ("2" (delete 3) (("2" (auto-rewrite "L" "emptyset") (("2" (apply-extensionality :hide? t) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (<= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (is_finite const-decl "bool" finite_sets_def nil) (pos_div_ge formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (injection_prop formula-decl nil sporadic_tasks nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (set type-eq-decl nil sets nil) (L const-decl "set[job]" sporadic_tasks nil) (below type-eq-decl nil nat_types nil) (below type-eq-decl nil naturalnumbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (< const-decl "bool" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) 
(- const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (emptyset const-decl "set" sets nil)) 518 450 nil nil)) (card_L 0 (card_L-1 nil 3243372903 3243372920 ("" (skosimp) (("" (assert) (("" (rewrite "card_def") (("" (name-replace "n!1" "ceiling((t2!1 - t1!1) / T(i!1))" :hide? nil) (("" (use "pos_div_ge") (("" (assert) (("" (rewrite "Card_injection") (("" (use "injection_prop" ("n" "n!1")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((= const-decl "[T, T -> boolean]" equalities nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (injection_prop formula-decl nil sporadic_tasks nil) (Card_injection formula-decl nil card_def nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (pos_div_ge formula-decl nil real_props nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil 
naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (L const-decl "set[job]" sporadic_tasks nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (card_def formula-decl nil card_def nil)) 435 380 nil nil)) (K_finite 0 (K_finite-1 nil 3243372903 3243375074 ("" (skolem!) (("" (use "partition_K") (("" (expand "partition") (("" (ground) (("" (replace*) (("" (rewrite "union_is_finite") nil nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((partition_K formula-decl nil sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> 
boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (union_is_finite subtype-tcc nil indexed_partitions nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (A const-decl "set[task]" sporadic_tasks nil) (L const-decl "set[job]" sporadic_tasks nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (partition const-decl "bool" indexed_partitions nil)) 152333 1380 t nil)) (bound_L 0 (bound_L-1 nil 3243372903 3243372920 ("" (expand "L") (("" (skosimp) (("" (rewrite "process_time_bound") nil nil)) nil)) nil) proved-complete ((trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat 
nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (process_time_bound formula-decl nil sporadic_tasks nil) (L const-decl "set[job]" sporadic_tasks nil)) 98 70 nil nil)) (finished_L 0 (finished_L-1 nil 3243372903 3243372920 ("" (expand "L") (("" (skosimp) (("" (forward-chain "finished_prop") nil nil)) nil)) nil) proved-complete ((trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil 
programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (finished_prop formula-decl nil sporadic_tasks nil) (L const-decl "set[job]" sporadic_tasks nil)) 101 80 nil nil)) (process_time_L 0 (process_time_L-1 nil 3243372903 3243372921 ("" (skosimp) (("" (assert) (("" (rewrite "process_time_finite_set") (("" (use "sum_bound[job]" ("N" "C(i!1)")) (("" (auto-rewrite "bound_L" "card_L") (("" (ground) (("" (use "both_sides_times_pos_le2" ("x" "card(L(i!1, t1!1, t2!1))" "y" "ceiling((t2!1 - t1!1) / T(i!1))" "pz" "C(i!1)")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (sum_bound formula-decl nil fsets_sum nil) nil (bound_L formula-decl nil sporadic_tasks nil) (card_L formula-decl nil sporadic_tasks nil) (both_sides_times_pos_le2 formula-decl nil real_props nil) (nonneg_real nonempty-type-eq-decl nil 
real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (Card const-decl "nat" card_def nil) (card const-decl "{n: nat | n = Card(S)}" card_def nil) (integer nonempty-type-from-decl nil integers nil) (<= const-decl "bool" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sch const-decl "schedule" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans 
nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (schedule type-eq-decl nil schedules nil) (lift type-decl nil lift_adt nil) (L const-decl "set[job]" sporadic_tasks nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (process_time_finite_set formula-decl nil schedules3 nil)) 595 550 nil nil)) (max_process_time_L 0 (max_process_time_L-1 nil 3243372903 3243372922 ("" (skosimp) (("" (rewrite "process_time_finite_set") (("" (auto-rewrite "bound_L" "member") (("" (case-replace "ceiling((t2!1 - t1!1) / T(i!1)) = card(L(i!1, t1!1, t2!1))") (("1" (delete -1) (("1" (use "sum_max_bound[job]" ("N" "C(i!1)")) (("1" (ground) (("1" (inst?) 
(("1" (forward-chain "finished_L") nil nil)) nil)) nil)) nil)) nil) ("2" (delete -2 2) (("2" (use "sum_bound[job]" ("N" "C(i!1)")) (("2" (ground) (("2" (use "both_sides_times_pos_lt2" ("pz" "C(i!1)" "x" "card(L(i!1, t1!1, t2!1))" "y" "ceiling((t2!1 - t1!1) / T(i!1))")) (("2" (assert) (("2" (use "card_L") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((process_time_finite_set formula-decl nil schedules3 nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (L const-decl "set[job]" sporadic_tasks nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (sch const-decl "schedule" traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil 
number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (card const-decl "{n: nat | n = Card(S)}" card_def nil) (Card const-decl "nat" card_def nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (<= const-decl "bool" reals nil) (integer nonempty-type-from-decl nil integers nil) (C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (sum_max_bound formula-decl nil fsets_sum nil) nil (finished_L formula-decl nil sporadic_tasks nil) (member const-decl "bool" sets nil) (bound_L formula-decl nil sporadic_tasks nil) (sum_bound formula-decl nil fsets_sum nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (both_sides_times_pos_lt2 formula-decl nil real_props nil) (card_L formula-decl nil sporadic_tasks nil)) 925 860 nil nil)) (process_time_K 0 (process_time_K-1 nil 3243372903 3243372922 ("" (skosimp) (("" (use "partition_K") (("" (use "process_time_partition[task, job]") (("" (ground) 
(("" (replace*) (("" (delete -1 -2) (("" (auto-rewrite "process_time_L") (("" (rewrite "sum_le") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((partition_K formula-decl nil sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (process_time_L formula-decl nil sporadic_tasks nil) (sum_le formula-decl nil fsets_sum nil) nil (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (integer nonempty-type-from-decl nil integers nil) (<= const-decl "bool" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (L const-decl "set[job]" sporadic_tasks nil) (A const-decl "set[task]" sporadic_tasks nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" 
finite_sets_def nil) (set type-eq-decl nil sets nil) (K const-decl "set[job]" sporadic_tasks nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (sch const-decl "schedule" traces nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (process_time_partition formula-decl nil schedules2 nil)) 533 500 nil nil)) (max_process_time_K 0 (max_process_time_K-1 nil 3243372903 3243372923 ("" (skosimp) (("" (use "partition_K") (("" (use "process_time_partition[task, job]") (("" (ground) (("" (replace*) (("" (delete -1 -2) (("" (use "equal_sum_le[task]") (("" (auto-rewrite "process_time_L" "A" "K" "L" "member" "prio") (("" (ground) (("" (delete -4) (("" (reduce :if-match nil) (("" (inst - "j!1`1") (("" (use "max_process_time_L") (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((partition_K formula-decl nil sporadic_tasks nil) (priority nonempty-type-eq-decl nil 
basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (max_process_time_L formula-decl nil sporadic_tasks nil) (member const-decl "bool" sets nil) (process_time_L formula-decl nil sporadic_tasks nil) nil (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (integer nonempty-type-from-decl nil integers nil) (<= const-decl "bool" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (equal_sum_le formula-decl nil fsets_sum nil) (L const-decl "set[job]" sporadic_tasks nil) (A const-decl "set[task]" sporadic_tasks nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (K const-decl "set[job]" sporadic_tasks nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil 
schedules nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (sch const-decl "schedule" traces nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (process_time_partition formula-decl nil schedules2 nil)) 948 890 nil nil)) (not_busy_quiet 0 (not_busy_quiet-1 nil 3243372903 3243372924 ("" (skosimp) (("" (auto-rewrite "busy" "quiet" "ready_equiv" "finished_equiv") (("" (reduce) nil nil)) nil)) nil) proved-complete ((quiet const-decl "bool" sporadic_tasks nil) (finished_equiv formula-decl nil traces nil) nil (ready_equiv formula-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) 
(integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil)) 293 270 nil nil)) (quiet_step 0 (quiet_step-1 nil 3243372903 3243372924 ("" (expand "quiet") (("" (skosimp*) (("" (inst?) (("" (ground) (("1" (use "finished_stable" ("t2" "1+t!1")) (("1" (assert) nil nil)) nil) ("2" (expand "busy") (("2" (inst?) 
(("2" (use "ready_at_dispatch") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (trace nonempty-type-eq-decl nil traces nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (finished_stable formula-decl nil traces nil) (ready_at_dispatch formula-decl nil traces nil) nil (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> 
boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (quiet const-decl "bool" sporadic_tasks nil)) 309 280 nil nil)) (zero_is_quiet 0 (zero_is_quiet-1 nil 3243372903 3243372924 ("" (skolem!) (("" (grind) nil nil)) nil) proved-complete ((quiet const-decl "bool" sporadic_tasks nil) (finished const-decl "bool" traces nil) (finished const-decl "bool" priority_ceiling nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (complete const-decl "bool" 
programs nil)) 437 410 nil nil)) (busy_interval 0 (busy_interval-1 nil 3243372903 3243372927 ("" (skosimp) (("" (use "process_time_partition3" ("E" "K(p!1)" "E1" "{ j | prio(j) >= p!1 AND dispatch(j) < t1!1 }" "E2" "K(p!1, t1!1, t2!1)" "E3" "{ j | prio(j) >= p!1 AND t2!1 <= dispatch(j) }")) (("" (ground) (("1" (case "process_time(sch(u!1), t1!1, t2!1, {j: job | prio(j) >= p!1 AND dispatch(j) < t1!1}) = 0 AND process_time(sch(u!1), t1!1, t2!1, {j: job | prio(j) >= p!1 AND t2!1 <= dispatch(j)}) = 0") (("1" (ground) nil nil) ("2" (delete -1 2) (("2" (ground) (("1" (auto-rewrite "active_prop" "finished_equiv" "ready_equiv") (("1" (rewrite "zero_process_time") (("1" (skosimp) (("1" (forward-chain "active_ready") (("1" (expand "quiet") (("1" (inst?) (("1" (assert) (("1" (assert) (("1" (use "pc_increasing" ("t1" "t1!1" "t2" "t!1")) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (auto-rewrite "active_prop" "ready_equiv") (("2" (rewrite "zero_process_time") (("2" (skosimp) (("2" (forward-chain "active_ready") (("2" (assert) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 2) (("2" (grind) (("2" (apply-extensionality :hide? 
t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((process_time_partition3 formula-decl nil schedules nil) (set type-eq-decl nil sets nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (K const-decl "set[job]" traces nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (K const-decl "set[job]" sporadic_tasks nil) (<= const-decl "bool" reals nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (sch const-decl "schedule" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) 
(init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (schedule type-eq-decl nil schedules nil) (lift type-decl nil lift_adt nil) (member const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (empty? const-decl "bool" sets nil) (disjoint? const-decl "bool" sets nil) (union const-decl "set" sets nil) (partition2 const-decl "bool" sum_partitions nil) (partition3 const-decl "bool" sum_partitions nil) nil (zero_process_time formula-decl nil schedules nil) (active_prop formula-decl nil traces nil) (active_ready formula-decl nil traces nil) (pc_increasing formula-decl nil traces nil) (finished_equiv formula-decl nil traces nil) (ready_equiv formula-decl nil traces nil) (quiet const-decl "bool" sporadic_tasks nil)) 2500 2270 nil nil)) (busy_interval2 0 (busy_interval2-1 nil 3243372903 3243372927 ("" (skosimp) (("" (rewrite "busy_interval" :dir rl) (("" (rewrite "process_time_K") nil nil)) nil)) nil) proved-incomplete ((busy_interval formula-decl nil sporadic_tasks nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals 
nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (process_time_K formula-decl nil sporadic_tasks nil)) 234 180 nil nil)) (partial_cpu_usage 0 (partial_cpu_usage-1 nil 3243372903 3243372927 ("" (skolem!) (("" (lemma "cpu_usage") (("" (use "sum_subset[task]" ("A" "A(p!1)" "B" "fullset[task]")) (("" (assert) (("" (delete -1 2) (("" (grind :exclude ("A")) nil nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((cpu_usage formula-decl nil sporadic_tasks nil) (subset? 
const-decl "bool" sets nil) (member const-decl "bool" sets nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (fullset const-decl "set" sets nil) (A const-decl "set[task]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (sum_subset formula-decl nil fsets_sum nil)) 289 250 nil nil)) (smallest_bound 0 (smallest_bound-1 nil 3243372903 3243372928 ("" (skolem!) 
(("" (expand "bound") (("" (use "partial_cpu_usage") (("" (use "smallest_int_solution[task]" ("B1" "B(p!1)")) (("" (assert) (("" (expand* "G" "F") nil nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((bound const-decl "bool" sporadic_tasks nil) (smallest_int_solution formula-decl nil ceiling_equations nil) (B formal-const-decl "[priority -> nat]" sporadic_tasks nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (A const-decl "set[task]" sporadic_tasks nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (C formal-const-decl "[task -> posnat]" sporadic_tasks nil) (G const-decl "nonneg_real" ceiling_equations nil) (F const-decl "nonneg_real" ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (partial_cpu_usage formula-decl 
nil sporadic_tasks nil)) 722 660 nil nil)) (M_TCC1 0 (M_TCC1-1 nil 3243372903 3243372928 ("" (inst + "lambda p: epsilon! d: bound(d, p) AND (FORALL (x: posreal): bound(x, p) IMPLIES d <= x)") (("" (skolem!) (("" (use "epsilon_ax[posnat]") (("" (auto-rewrite "smallest_bound") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-incomplete ((smallest_bound formula-decl nil sporadic_tasks nil) (epsilon_ax formula-decl nil epsilons nil) (epsilon const-decl "T" epsilons nil) (pred type-eq-decl nil defined_types nil) (<= const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (bound const-decl "bool" sporadic_tasks nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 169 160 nil nil)) (solution_prop 0 (solution_prop-1 nil 3243372903 3243372929 ("" (skolem!) 
(("" (typepred "M(p!1)") (("" (delete -3) (("" (expand "bound") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-incomplete ((M const-decl "{d | bound(d, p) AND (FORALL x: bound(x, p) IMPLIES d <= x)}" sporadic_tasks nil) (<= const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (bound const-decl "bool" sporadic_tasks nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (> const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 349 330 nil nil)) (busy_period_prop 0 (busy_period_prop-1 nil 3243372903 3243372929 ("" (expand "busy_period") (("" (skosimp) (("" (forward-chain "not_busy_quiet") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields 
nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (not_busy_quiet formula-decl nil sporadic_tasks nil) (busy_period const-decl "bool" sporadic_tasks nil)) 139 120 nil nil)) (critical_interval 0 (critical_interval-1 nil 3243372903 3243372931 ("" (skosimp) (("" (case "busy(u!1, p!1, t1!1, t1!1+M(p!1))") (("1" (auto-rewrite "solution_prop") (("1" (use "busy_time2") (("1" (use "busy_interval2") (("1" (assert) (("1" (use "blocking_bound") (("1" (inst + "M(p!1) + t1!1") (("1" (assert) (("1" (expand "quiet") (("1" (skosimp) (("1" (auto-rewrite "member" "K" "busy_interval") (("1" (use "max_process_time_K" ("t1" "t1!1" "t2" "M(p!1) + t1!1")) (("1" (ground) (("1" (assert) (("1" (inst?) (("1" (assert) (("1" (use "finished_stable" ("t1" "t1!1" "t2" "M(p!1) + t1!1")) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (case "busy(u!1, p!1, t1!1)") (("1" (assert) (("1" (expand "busy" +) (("1" (skosimp) (("1" (inst + "t!1") (("1" (assert) (("1" (auto-rewrite "not_busy_quiet") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (inst + "t1!1+1") (("2" (ground) (("2" (forward-chain "quiet_step") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((M const-decl "{d | bound(d, p) AND (FORALL x: bound(x, p) IMPLIES d <= x)}" sporadic_tasks nil) (<= const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (bound const-decl "bool" sporadic_tasks nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) nil (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND 
const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (busy_time2 formula-decl nil traces nil) (solution_prop formula-decl nil sporadic_tasks nil) (quiet const-decl "bool" sporadic_tasks nil) (busy_interval formula-decl nil sporadic_tasks nil) (member const-decl "bool" sets nil) (K const-decl "set[job]" sporadic_tasks nil) (finished_stable 
formula-decl nil traces nil) (max_process_time_K formula-decl nil sporadic_tasks nil) (blocking_bound formula-decl nil sporadic_tasks nil) (busy_interval2 formula-decl nil sporadic_tasks nil) (quiet_step formula-decl nil sporadic_tasks nil) (not_busy_quiet formula-decl nil sporadic_tasks nil) nil) 1745 1640 nil nil)) (delay_to_quiet_time 0 (delay_to_quiet_time-1 nil 3243372903 3243372931 ("" (skosimp) (("" (use "wf_nat") (("" (expand "well_founded?") (("" (inst - "{ n | EXISTS t: t + n = t!1 AND quiet(u!1, p!1, t) }") (("" (ground) (("1" (skosimp* :preds? t) (("1" (assert) (("1" (forward-chain "critical_interval") (("1" (skosimp) (("1" (inst + "t2!1") (("1" (ground) (("1" (inst - "t!1 - t2!1") (("1" (assert) nil nil) ("2" (inst?) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (auto-rewrite "zero_is_quiet") (("2" (inst + "t!1") (("2" (inst + "0") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((wf_nat formula-decl nil naturalnumbers nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (< const-decl "bool" reals 
nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (trace nonempty-type-eq-decl nil traces nil) (quiet const-decl "bool" sporadic_tasks nil) (zero_is_quiet formula-decl nil sporadic_tasks nil) (NOT const-decl "[bool -> bool]" booleans nil) (critical_interval formula-decl nil sporadic_tasks nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) nil nil nil (well_founded? const-decl "bool" orders nil)) 768 720 nil nil)) (busy_period_length 0 (busy_period_length-1 nil 3243372903 3243372932 ("" (expand "busy_period") (("" (skosimp) (("" (forward-chain "critical_interval") (("" (skosimp) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" 
number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (critical_interval formula-decl nil sporadic_tasks nil) (busy_period const-decl "bool" sporadic_tasks nil)) 276 260 nil nil)) (job_in_busy_period 0 (job_in_busy_period-1 nil 3243372903 3243374905 ("" (skosimp) (("" (lemma "wf_nat") (("" (expand "well_founded?") (("" (inst-cp - "{ n | EXISTS t: t = dispatch(j!1) - n AND quiet(u!1, p!1, t) }") (("" (reduce :if-match nil) (("1" (name "t!1" "dispatch(j!1) - y!1") (("1" (inst - "{ t | dispatch(j!1) < t AND quiet(u!1, p!1, t) }") (("1" (reduce :if-match nil) (("1" (inst + "t!1" "y!2") (("1" (assert) (("1" (expand "busy_period") (("1" (ground) (("1" (case-replace "t!1 = dispatch(j!1)") (("1" (expand "busy") (("1" (inst?) (("1" (auto-rewrite "ready_at_dispatch") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (replace -3 - rl) (("2" (replace -3 -) (("2" (forward-chain "quiet_step") (("2" (assert) (("2" (inst -8 "y!1 - 1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (skosimp) (("2" (case "t!2 <= dispatch(j!1)") (("1" (inst -11 "dispatch(j!1) - t!2") (("1" (assert) nil nil) ("2" (assert) nil nil)) nil) ("2" (assert) (("2" (inst - "t!2") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 -4 2) (("2" (use "delay_to_quiet_time" ("t" "dispatch(j!1)")) (("2" (reduce :if-match nil) (("2" (inst?) 
(("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 2) (("2" (auto-rewrite "zero_is_quiet") (("2" (inst + "dispatch(j!1)") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((wf_nat formula-decl nil naturalnumbers nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" 
sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (quiet const-decl "bool" sporadic_tasks nil) (zero_is_quiet formula-decl nil sporadic_tasks nil) (quiet_step formula-decl nil sporadic_tasks nil) nil (ready_at_dispatch formula-decl nil traces nil) (<= const-decl "bool" reals nil) nil nil nil nil (busy_period const-decl "bool" sporadic_tasks nil) (delay_to_quiet_time formula-decl nil sporadic_tasks nil) (NOT const-decl "[bool -> bool]" booleans nil) (well_founded? const-decl "bool" orders nil)) 260421 10980 t nil)) (termination1 0 (termination1-1 nil 3243372903 3243372934 ("" (skosimp) (("" (use "delay_to_quiet_time") (("" (skosimp) (("" (expand "quiet") (("" (inst?) 
(("" (assert) (("" (use "finished_stable" ("t2" "M(p!1) + dispatch(j!1)")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((delay_to_quiet_time formula-decl nil sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (prio formal-const-decl "[task -> 
priority]" sporadic_tasks nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (quiet const-decl "bool" sporadic_tasks nil) (finished_stable formula-decl nil traces nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (bound const-decl "bool" sporadic_tasks nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (M const-decl "{d | bound(d, p) AND (FORALL x: bound(x, p) IMPLIES d <= x)}" sporadic_tasks nil)) 372 350 nil nil)) (schedulability1 0 (schedulability1-1 nil 3243372903 3243372934 ("" (skosimp*) (("" (inst - "j!1`1") (("" (use "termination1") (("" (assert) (("" (auto-rewrite "prio") (("" (assert) (("" (use "finished_stable" ("t2" "deadline(j!1)")) (("" (auto-rewrite "deadline") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (task nonempty-type-eq-decl nil 
tasks_and_jobs nil) (job nonempty-type-eq-decl nil tasks_and_jobs nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (bound const-decl "bool" sporadic_tasks nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (M const-decl "{d | bound(d, p) AND (FORALL x: bound(x, p) IMPLIES d <= x)}" sporadic_tasks nil) (finished_stable formula-decl nil traces nil) (deadline const-decl "nat" sporadic_tasks nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" sporadic_tasks nil) (dispatch formal-const-decl "[job -> nat]" sporadic_tasks nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (termination1 formula-decl nil sporadic_tasks nil)) 507 480 nil nil)) (schedulability_criterion 0 (schedulability_criterion-1 nil 3243372903 3243372936 ("" (skosimp) (("" (rewrite "schedulability1") (("" (delete 2) (("" (skolem!) (("" (inst? 
-3) (("" (skosimp) (("" (case "bound(M!1, prio(i!1))") (("1" (delete -2 -3 -4) (("1" (typepred "M(prio(i!1))") (("1" (inst - "M!1") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (expand* "B" "bound") (("2" (case-replace "A(prio(i!1)) = add(i!1, H(i!1))") (("1" (auto-rewrite "sum_add" "member" "H" "div_simp") (("1" (assert) (("1" (case-replace "ceiling(M!1 / T(i!1)) = 1") (("1" (assert) nil nil) ("2" (delete -1 -2 -4 2) (("2" (inst?) (("2" (use "both_sides_div_pos_le1" ("pz" "T(i!1)" "x" "M!1" "y" "T(i!1)")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -2 -3 -4 2) (("2" (apply-extensionality :hide? t) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((schedulability1 formula-decl nil sporadic_tasks nil) (set type-eq-decl nil sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (A const-decl "set[task]" sporadic_tasks nil) (nonempty? const-decl "bool" sets nil) (add const-decl "(nonempty?)" sets nil) (H const-decl "set[task]" sporadic_tasks nil) (sum_add formula-decl nil fsets_sum nil) (both_sides_div_pos_le1 formula-decl nil real_props nil) (div_simp formula-decl nil real_props nil) (integer nonempty-type-from-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (T formal-const-decl "[task -> posnat]" sporadic_tasks nil) (member const-decl "bool" sets nil) (B const-decl "nat" sporadic_tasks nil) (NOT const-decl "[bool -> bool]" booleans nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (M const-decl "{d | bound(d, p) AND (FORALL x: bound(x, p) 
IMPLIES d <= x)}" sporadic_tasks nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (bound const-decl "bool" sporadic_tasks nil) (prio formal-const-decl "[task -> priority]" sporadic_tasks nil) (task nonempty-type-eq-decl nil tasks_and_jobs nil) (nbtasks formal-const-decl "posnat" sporadic_tasks nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 1884 1800 nil nil)))
$$$indexed_partitions.pvs
%--------------------------------------------------------------------
% Families of subsets of U indexed by elements of T.
%
% Defines the union and intersection of a family F restricted to an
% index set A, shows when they are finite, and defines what it means
% for such a family to partition a set X.
%--------------------------------------------------------------------
indexed_partitions [T, U: TYPE ] : THEORY
  BEGIN

  A, B, C: VAR set[T]
  X, Y, Z: VAR set[U]
  F: VAR [T -> set[U]]
  a, b, c: VAR T
  x, y, z: VAR U

  %--------------------------------------------------------
  %  Union and intersection of a family F(a) for a in A
  %--------------------------------------------------------

  % x is in union(A, F) iff some index a in A has x in F(a).
  union(A, F): set[U] = { x | EXISTS (a: (A)): F(a)(x) }

  % x is in inter(A, F) iff every index a in A has x in F(a).
  % For an empty A the condition holds vacuously: see inter_emptyset.
  inter(A, F): set[U] = { x | FORALL (a: (A)): F(a)(x) }

  union_upper_bound: LEMMA FORALL (a: (A)): subset?(F(a), union(A, F))

  inter_lower_bound: LEMMA FORALL (a: (A)): subset?(inter(A, F), F(a))

  union_least_upper_bound: LEMMA
     subset?(union(A, F), X) IFF FORALL (a: (A)): subset?(F(a), X)

  % NOTE: despite its name, this lemma states that inter(A, F) is the
  % greatest lower bound of the family (X is below the intersection iff
  % it is below every member). The name is left as is because the
  % stored proof in indexed_partitions.prf is keyed by it.
  inter_least_upper_bound: LEMMA
     subset?(X, inter(A, F)) IFF FORALL (a: (A)): subset?(X, F(a))

  union_emptyset: LEMMA union(emptyset, F) = emptyset

  union_empty: LEMMA empty?(A) IMPLIES empty?(union(A, F))

  % Intersection over the empty index set is the whole of U, not the
  % empty set. This is why inter_is_finite below needs a nonempty index set.
  inter_emptyset: LEMMA inter(emptyset, F) = fullset

  %----------------------------------------
  %  Finiteness of union and intersection
  %----------------------------------------

  IMPORTING finite_sets@finite_sets_inductions

  G: VAR [T -> finite_set[U]]
  D: VAR finite_set[T]
  E: VAR (nonempty?[T])

  % One finite member is enough: the intersection is a subset of it.
  % (The stored proof uses inter_lower_bound and finite_subset[U].)
  finite_inter: LEMMA
     (EXISTS (a: (A)): is_finite(F(a))) IMPLIES is_finite(inter(A, F))

  % Index set E is nonempty and every G(a) is finite.
  inter_is_finite: JUDGEMENT inter(E, G) HAS_TYPE finite_set[U]

  % Index set D is finite and every G(a) is finite.
  union_is_finite: JUDGEMENT union(D, G) HAS_TYPE finite_set[U]

  %--------------
  %  Partitions
  %--------------

  % partition(X)(A, F) holds when X is exactly the union of the F(a),
  % a in A, and members with distinct indices are disjoint.
  % Members are not required to be nonempty, so two distinct indices
  % may both map to the empty set.
  partition(X)(A, F): bool =
     X = union(A, F) AND
     FORALL (a, b: (A)): a = b OR disjoint?(F(a), F(b))

  END indexed_partitions
$$$indexed_partitions.prf
(indexed_partitions (union_upper_bound 0 (union_upper_bound-1 nil 3243372899 3243373078 ("" (grind) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil indexed_partitions nil) (set type-eq-decl nil sets nil) (member const-decl "bool" sets nil) (union const-decl "set[U]" indexed_partitions nil) (subset? const-decl "bool" sets nil)) 95 80 nil nil)) (inter_lower_bound 0 (inter_lower_bound-1 nil 3243372899 3243373078 ("" (grind) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil indexed_partitions nil) (set type-eq-decl nil sets nil) (inter const-decl "set[U]" indexed_partitions nil) (member const-decl "bool" sets nil) (subset? 
const-decl "bool" sets nil)) 98 60 nil nil)) (union_least_upper_bound 0 (union_least_upper_bound-1 nil 3243372899 3243373078 ("" (grind) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil indexed_partitions nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil indexed_partitions nil) (union const-decl "set[U]" indexed_partitions nil) (member const-decl "bool" sets nil) (subset? const-decl "bool" sets nil)) 194 170 nil nil)) (inter_least_upper_bound 0 (inter_least_upper_bound-1 nil 3243372899 3243373078 ("" (grind) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil indexed_partitions nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil indexed_partitions nil) (member const-decl "bool" sets nil) (inter const-decl "set[U]" indexed_partitions nil) (subset? const-decl "bool" sets nil)) 181 150 nil nil)) (union_emptyset 0 (union_emptyset-1 nil 3243372899 3243373078 ("" (skolem!) (("" (apply-extensionality :hide? t) (("" (grind) nil nil)) nil)) nil) proved ((U formal-type-decl nil indexed_partitions nil) (boolean nonempty-type-decl nil booleans nil) (emptyset const-decl "set" sets nil) (union const-decl "set[U]" indexed_partitions nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (T formal-type-decl nil indexed_partitions nil) (NOT const-decl "[bool -> bool]" booleans nil)) 94 90 nil nil)) (union_empty 0 (union_empty-1 nil 3243372899 3243373078 ("" (grind) nil nil) proved ((set type-eq-decl nil sets nil) (T formal-type-decl nil indexed_partitions nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (member const-decl "bool" sets nil) (empty? 
const-decl "bool" sets nil) (union const-decl "set[U]" indexed_partitions nil)) 99 90 nil nil)) (inter_emptyset 0 (inter_emptyset-1 nil 3243372899 3243373079 ("" (skolem!) (("" (apply-extensionality :hide? t) (("" (grind) nil nil)) nil)) nil) proved ((U formal-type-decl nil indexed_partitions nil) (boolean nonempty-type-decl nil booleans nil) (fullset const-decl "set" sets nil) (emptyset const-decl "set" sets nil) (inter const-decl "set[U]" indexed_partitions nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (T formal-type-decl nil indexed_partitions nil) (NOT const-decl "[bool -> bool]" booleans nil)) 90 80 nil nil)) (finite_inter 0 (finite_inter-1 nil 3243372899 3243373402 ("" (skosimp*) (("" (use "inter_lower_bound") (("" (forward-chain "finite_subset[U]") nil nil)) nil)) nil) proved ((inter_lower_bound formula-decl nil indexed_partitions nil) (U formal-type-decl nil indexed_partitions nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil indexed_partitions nil) (inter const-decl "set[U]" indexed_partitions nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_subset formula-decl nil finite_sets_def nil)) 265458 1700 t nil)) (inter_is_finite 0 (inter_is_finite-1 nil 3243372899 3243373079 ("" (skolem-typepred) (("" (rewrite "finite_inter") (("" (delete 2) (("" (grind) nil nil)) nil)) nil)) nil) proved ((finite_inter formula-decl nil indexed_partitions nil) (U formal-type-decl nil indexed_partitions nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (member const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (nonempty? 
const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (T formal-type-decl nil indexed_partitions nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 113 90 nil nil)) (union_is_finite 0 (union_is_finite-1 nil 3243372899 3243373079 ("" (skolem + (_ "G!1")) (("" (auto-rewrite "nonempty?" "union_emptyset" "finite_union[U]") (("" (induct "D" :name "finite_set_induction_rest[T]") (("1" (assert) nil nil) ("2" (skosimp) (("2" (case-replace "union(SS!1, G!1) = union(G!1(choose(SS!1)), union(rest(SS!1), G!1))") (("1" (assert) nil nil) ("2" (delete -1 2) (("2" (auto-rewrite "union" "rest" "remove" "member") (("2" (apply-extensionality :hide? t) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((member const-decl "bool" sets nil) (a!1 skolem-const-decl "(remove(choose(SS!1), SS!1))" indexed_partitions nil) (SS!1 skolem-const-decl "non_empty_finite_set[T]" indexed_partitions nil) (remove const-decl "set" sets nil) (finite_union subtype-tcc nil finite_sets_def nil) (rest const-decl "set" sets nil) (choose const-decl "(p)" sets nil) (union const-decl "set" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (nonempty? 
const-decl "bool" sets nil) (union_emptyset formula-decl nil indexed_partitions nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil indexed_partitions nil) (union const-decl "set[U]" indexed_partitions nil) (U formal-type-decl nil indexed_partitions nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 277 260 nil nil)))
$$$sum_indexed_partitions.pvs
%--------------------------------------------------------------------
% A sum taken over a partitioned set splits into a finite sum of the
% sums over the parts.
%
% sum(u, t1, t2, X) comes from the imported theory sum_sequences and
% sum(A, f) from fsets_sum; neither definition is visible here.
% NOTE(review): presumably sum(u, t1, t2, X) counts the positions of
% the sequence u between t1 and t2 whose value lies in X -- confirm
% against sum_sequences.
%--------------------------------------------------------------------
sum_indexed_partitions [T, U: TYPE] : THEORY
  BEGIN

  IMPORTING indexed_partitions, sum_sequences, fsets_sum

  F: VAR [T -> set[U]]
  A: VAR finite_set[T]
  X: VAR set[U]
  u: VAR [nat -> U]
  i: VAR T
  t1, t2: VAR nat

  % The index set A must be finite for the outer sum to be defined.
  % The stored proof is by induction on A (finite_set_induction_rest),
  % removing F(choose(A)) from X at each step.
  sum_partition: LEMMA
     partition(X)(A, F) IMPLIES
        sum(u, t1, t2, X) = sum(A, lambda i: sum(u, t1, t2, F(i)))

  END sum_indexed_partitions
$$$sum_indexed_partitions.prf
(|sum_indexed_partitions| (|sum_partition_TCC1| "" (ASSUMING-TCC) NIL NIL) (|sum_partition_TCC2| "" (ASSUMING-TCC) NIL NIL) (|sum_partition| "" (SKOLEM + (_ "F!1" _ "t1!1" "t2!1" "u!1")) (("" (AUTO-REWRITE "sum_emptyset" "sum" "partition" "nonempty?" "union_emptyset" "union_upper_bound") (("" (INDUCT "A" :NAME "finite_set_induction_rest[T]") (("1" (REDUCE) (("1" (REWRITE "sum_emptyset[T, real, 0, +]") NIL NIL)) NIL) ("2" (SKOSIMP*) (("2" (INST - "difference(X!1, F!1(choose(SS!1)))") (("2" (GROUND) (("1" (REWRITE "sum_diff_subset") (("1" (ASSERT) NIL NIL) ("2" (DELETE -1 2) (("2" (GRIND :EXCLUDE ("choose")) NIL NIL)) NIL)) NIL) ("2" (DELETE 2) (("2" (GROUND) (("1" (APPLY-EXTENSIONALITY :HIDE? 
T) (("1" (GRIND :EXCLUDE "choose") NIL NIL)) NIL) ("2" (AUTO-REWRITE "rest" "remove" "member") (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))
$$$schedules2.pvs
%--------------------------------------------------------------------
% Process time of a partitioned set of jobs.
%
% process_time and schedule come from the imported theory schedules,
% which is not visible here.
%--------------------------------------------------------------------
schedules2 [ index, job: TYPE ]: THEORY
  BEGIN

  IMPORTING schedules, sum_indexed_partitions

  sch: VAR schedule[job]
  t1, t2: VAR nat
  E: VAR set[job]
  A: VAR finite_set[index]
  F: VAR [index -> set[job]]
  i: VAR index

  % If the family F indexed by the finite set A partitions E, the
  % process time of E between t1 and t2 is the sum of the process
  % times of the parts. The stored proof expands process_time and
  % rewrites with sum_partition.
  process_time_partition: LEMMA
     partition(E)(A, F) IMPLIES
        process_time(sch, t1, t2, E) =
          sum(A, lambda i: process_time(sch, t1, t2, F(i)))

  END schedules2
$$$schedules2.prf
(|schedules2| (|process_time_partition_TCC1| "" (ASSUMING-TCC) NIL NIL) (|process_time_partition_TCC2| "" (ASSUMING-TCC) NIL NIL) (|process_time_partition| "" (SKOSIMP) (("" (EXPAND "process_time") (("" (REWRITE "sum_partition") (("" (DELETE 2) (("" (GRIND) (("" (DELETE -) (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))
$$$schedules3.pvs
%--------------------------------------------------------------------
% Process time of a finite set of jobs as a sum over its elements.
%--------------------------------------------------------------------
schedules3 [job: TYPE] : THEORY
  BEGIN

  IMPORTING schedules2

  sch: VAR schedule[job]
  t1, t2: VAR nat
  A: VAR finite_set[job]
  j: VAR job

  % process_time is used at two types here: on the set A (left-hand
  % side) and on a single job j (inside the sum).
  % The stored proof expands one occurrence of process_time and
  % rewrites with process_time_partition.
  % NOTE(review): presumably A is split into singleton sets indexed by
  % A itself; the instantiation is found automatically and is not
  % spelled out in the proof script -- confirm by replaying the proof.
  process_time_finite_set: LEMMA
     process_time(sch, t1, t2, A) =
        sum(A, lambda j: process_time(sch, t1, t2, j))

  END schedules3
$$$schedules3.prf
(|schedules3| (|process_time_finite_set_TCC1| "" (ASSUMING-TCC) NIL NIL) (|process_time_finite_set_TCC2| "" (ASSUMING-TCC) NIL NIL) (|process_time_finite_set| "" (SKOLEM!) (("" (EXPAND "process_time" 1 2) (("" (REWRITE "process_time_partition") (("" (DELETE 2) (("" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? 
T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))
$$$fsets_minmax.pvs
%---------------------------------------------------
%  Minimum/Maximum of a function over a finite set
%---------------------------------------------------
% minimum/maximum are predicates over any finite set S (possibly
% empty, in which case they hold for no x). min/max are only declared
% for non-empty finite sets, where a witness is guaranteed to exist.

fsets_minmax [T:TYPE] : THEORY
  BEGIN

  IMPORTING finite_sets@finite_sets_inductions

  S: VAR finite_set[T]
  A, B: VAR non_empty_finite_set[T]
  t: VAR T
  f, g: VAR [T -> real]
  x, y: VAR real

  %---------------------------------------
  %  x is the minimum of f(t) for t in S
  %---------------------------------------

  % x is attained by f on S and is a lower bound of f on S.
  minimum(S, f, x): bool =
     (EXISTS (t: (S)): x = f(t)) AND (FORALL (t: (S)): x <= f(t))

  unique_minimum: LEMMA
     minimum(S, f, x) AND minimum(S, f, y) IMPLIES x = y

  % Stated for A, i.e. requires a non-empty finite set.
  minimum_exists: LEMMA EXISTS x: minimum(A, f, x)

  % min is declared without a body: it is only known through its
  % result type. The existence TCC (min_TCC1 in fsets_minmax.prf) is
  % discharged with an epsilon term and minimum_exists.
  min(A, f): { x | minimum(A, f, x) }

  % min(A, f) is a lower bound of f on A ...
  min_prop1: LEMMA FORALL (t: (A)): min(A, f) <= f(t)

  % ... and is attained at some element of A.
  min_prop2: LEMMA EXISTS (t: (A)): min(A, f) = f(t)

  % Characterisation of min usable as a rewrite/definition.
  min_def: LEMMA
     min(A, f) = x IFF
        (EXISTS (t: (A)): x = f(t)) AND (FORALL (t: (A)): x <= f(t))

  % The result of min inherits the range type of f. Each judgement
  % below is proved in fsets_minmax.prf from min_prop2 (the minimum is
  % one of the values of f).
  min_nnreal:  JUDGEMENT min(A, (f: [T -> nonneg_real])) HAS_TYPE nonneg_real
  min_npreal:  JUDGEMENT min(A, (f: [T -> nonpos_real])) HAS_TYPE nonpos_real
  min_posreal: JUDGEMENT min(A, (f: [T -> posreal])) HAS_TYPE posreal
  min_negreal: JUDGEMENT min(A, (f: [T -> negreal])) HAS_TYPE negreal

  min_rat:     JUDGEMENT min(A, (f: [T -> rat])) HAS_TYPE rat
  min_nnrat:   JUDGEMENT min(A, (f: [T -> nonneg_rat])) HAS_TYPE nonneg_rat
  min_nprat:   JUDGEMENT min(A, (f: [T -> nonpos_rat])) HAS_TYPE nonpos_rat
  min_posrat:  JUDGEMENT min(A, (f: [T -> posrat])) HAS_TYPE posrat
  min_negrat:  JUDGEMENT min(A, (f: [T -> negrat])) HAS_TYPE negrat

  min_int:     JUDGEMENT min(A, (f: [T -> int])) HAS_TYPE int
  min_nat:     JUDGEMENT min(A, (f: [T -> nat])) HAS_TYPE nat
  min_npint:   JUDGEMENT min(A, (f: [T -> nonpos_int])) HAS_TYPE nonpos_int
  min_posnat:  JUDGEMENT min(A, (f: [T -> posnat])) HAS_TYPE posnat
  min_negint:  JUDGEMENT min(A, (f: [T -> negint])) HAS_TYPE negint

  %---------------------------------------
  %  x is the maximum of f(t) for t in S
  %---------------------------------------

  % x is attained by f on S and is an upper bound of f on S.
  maximum(S, f, x): bool =
     (EXISTS (t: (S)): x = f(t)) AND (FORALL (t: (S)): f(t) <= x)

  unique_maximum: LEMMA
     maximum(S, f, x) AND maximum(S, f, y) IMPLIES x = y

  % Stated for A, i.e. requires a non-empty finite set.
  maximum_exists: LEMMA EXISTS x: maximum(A, f, x)

  % Declared without a body, like min: only the result type is known.
  max(A, f): { x | maximum(A, f, x) }

  % max(A, f) is an upper bound of f on A ...
  max_prop1: LEMMA FORALL (t: (A)): f(t) <= max(A, f)

  % ... and is attained at some element of A.
  max_prop2: LEMMA EXISTS (t: (A)): max(A, f) = f(t)

  % Characterisation of max usable as a rewrite/definition.
  max_def: LEMMA
     max(A, f) = x IFF
        (EXISTS (t: (A)): x = f(t)) AND (FORALL (t: (A)): f(t) <= x)

  % The result of max inherits the range type of f (same scheme as
  % for min).
  max_nnreal:  JUDGEMENT max(A, (f: [T -> nonneg_real])) HAS_TYPE nonneg_real
  max_npreal:  JUDGEMENT max(A, (f: [T -> nonpos_real])) HAS_TYPE nonpos_real
  max_posreal: JUDGEMENT max(A, (f: [T -> posreal])) HAS_TYPE posreal
  max_negreal: JUDGEMENT max(A, (f: [T -> negreal])) HAS_TYPE negreal

  max_rat:     JUDGEMENT max(A, (f: [T -> rat])) HAS_TYPE rat
  max_nnrat:   JUDGEMENT max(A, (f: [T -> nonneg_rat])) HAS_TYPE nonneg_rat
  max_nprat:   JUDGEMENT max(A, (f: [T -> nonpos_rat])) HAS_TYPE nonpos_rat
  max_posrat:  JUDGEMENT max(A, (f: [T -> posrat])) HAS_TYPE posrat
  max_negrat:  JUDGEMENT max(A, (f: [T -> negrat])) HAS_TYPE negrat

  max_int:     JUDGEMENT max(A, (f: [T -> int])) HAS_TYPE int
  max_nat:     JUDGEMENT max(A, (f: [T -> nat])) HAS_TYPE nat
  max_npint:   JUDGEMENT max(A, (f: [T -> nonpos_int])) HAS_TYPE nonpos_int
  max_posnat:  JUDGEMENT max(A, (f: [T -> posnat])) HAS_TYPE posnat
  max_negint:  JUDGEMENT max(A, (f: [T -> negint])) HAS_TYPE negint

  END fsets_minmax
$$$fsets_minmax.prf
(|fsets_minmax| (|unique_minimum| "" (SKOLEM!) (("" (GRIND :IF-MATCH NIL) (("" (INST - "t!2") (("" (INST - "t!1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|minimum_exists| "" (SKOLEM + (_ "f!1")) (("" (INDUCT "A" :NAME "nonempty_finite_set_induct[T]") (("1" (SKOLEM!) (("1" (INST + "f!1(e!1)") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP*) (("2" (INST + "min(x!1, f!1(e!1))") (("2" (GRIND :IF-MATCH NIL) (("1" (INST? :IF-MATCH ALL) (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST?) NIL NIL) ("3" (INST? + :IF-MATCH ALL) NIL NIL) ("4" (INST? 
+ :IF-MATCH ALL) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|min_TCC1| "" (INST + "lambda A, f: epsilon! x: minimum(A, f, x)") (("" (SKOLEM!) (("" (USE "epsilon_ax[real]") (("" (AUTO-REWRITE "minimum_exists") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|min_prop1| "" (SKOLEM!) (("" (TYPEPRED "min(A!1, f!1)") (("" (GRIND) NIL NIL)) NIL)) NIL) (|min_prop2| "" (SKOLEM!) (("" (TYPEPRED "min(A!1, f!1)") (("" (GRIND) NIL NIL)) NIL)) NIL) (|min_def| "" (SKOLEM!) (("" (REWRITE "minimum" :DIR RL) (("" (GROUND) (("" (TYPEPRED "min(A!1, f!1)") (("" (USE "unique_minimum") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|min_nnreal| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL NIL)) NIL)) NIL) (|min_npreal| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_posreal| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_negreal| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_rat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_nnrat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_nprat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_posrat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_negrat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_int| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_nat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_npint| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_posnat| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|min_negint| "" (SKOLEM!) (("" (USE "min_prop2") (("" (REDUCE) NIL))))) (|unique_maximum| "" (SKOLEM!) (("" (GRIND :IF-MATCH NIL) (("" (INST - "t!2") (("" (INST - "t!1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|maximum_exists| "" (SKOLEM + (_ "f!1")) (("" (INDUCT "A" :NAME "nonempty_finite_set_induct[T]") (("1" (SKOLEM!) 
(("1" (INST + "f!1(e!1)") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP*) (("2" (INST + "max(x!1, f!1(e!1))") (("2" (GRIND :IF-MATCH NIL) (("1" (INST? :IF-MATCH ALL) (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST?) NIL NIL) ("3" (INST? + :IF-MATCH ALL) NIL NIL) ("4" (INST? + :IF-MATCH ALL) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|max_TCC1| "" (INST + "lambda A, f: epsilon! x: maximum(A, f, x)") (("" (AUTO-REWRITE "maximum_exists") (("" (SKOLEM!) (("" (USE "epsilon_ax[real]") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|max_prop1| "" (SKOLEM!) (("" (TYPEPRED "max(A!1, f!1)") (("" (GRIND) NIL NIL)) NIL)) NIL) (|max_prop2| "" (SKOLEM!) (("" (TYPEPRED "max(A!1, f!1)") (("" (GRIND) NIL NIL)) NIL)) NIL) (|max_def| "" (SKOLEM!) (("" (REWRITE "maximum" :DIR RL) (("" (GROUND) (("" (TYPEPRED "max(A!1, f!1)") (("" (USE "unique_maximum") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|max_nnreal| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_npreal| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_posreal| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_negreal| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_rat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_nnrat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_nprat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_posrat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_negrat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_int| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_nat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_npint| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_posnat| "" (SKOLEM!) (("" (USE "max_prop2") (("" (REDUCE) NIL))))) (|max_negint| "" (SKOLEM!) 
(("" (USE "max_prop2") (("" (REDUCE) NIL))))))
$$$ceiling_equations.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Equations of the form                 %
%                                        %
%  Sum C_i * ceiling(x/T_i)  + B = x     %
%                                        %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Every existence result below is conditional on
%    sum(E, lambda i: C(i)/T(i)) < 1.
% Nothing is stated for the case where that sum is >= 1, so a user of
% these lemmas has to establish the bound first. sporadic_tasks
% (earlier in this dump) imports this theory and carries an assumption
% of the same shape, cpu_usage, over its own C and T.

ceiling_equations[U: TYPE] : THEORY
  BEGIN

  IMPORTING fsets_sum[U], fsets_minmax[U]
  %% IMPORTING fsets_sum, fsets_minmax should work but judgements are not visible

  i: VAR U
  A: VAR finite_set[U]
  E: VAR non_empty_finite_set[U]
  C, T: VAR [U -> posreal]
  B: VAR nonneg_real
  x, y: VAR nonneg_real
  c, z, w: VAR posreal
  n, m: VAR nat

  %----------------------------------
  %  F(C, T, x): a term in the sum
  %----------------------------------

  F(C, T, x)(i): nonneg_real = C(i) * ceiling(x / T(i))

  % Lower bound obtained by dropping the ceiling.
  low_F1: LEMMA x * (C(i) / T(i)) <= F(C, T, x)(i)

  % For a strictly positive argument z the ceiling is at least 1.
  low_F2: LEMMA C(i) <= F(C, T, z)(i)

  % Upper bound from ceiling(r) < r + 1.
  high_F: LEMMA F(C, T, x)(i) < C(i) + x * (C(i) / T(i))

  increasing_F: LEMMA x <= y IMPLIES F(C, T, x)(i) <= F(C, T, y)(i)

  % F is a step function: between x and y it either does not move or
  % jumps by at least C(i).
  increasing_F2: LEMMA x <= y IMPLIES
        F(C, T, x)(i) = F(C, T, y)(i) OR F(C, T, x)(i) + C(i) <= F(C, T, y)(i)

  F_zero: LEMMA F(C, T, 0)(i) = 0

  F_posreal: JUDGEMENT F(C, T, z) HAS_TYPE [U -> posreal]

  %-------------------------------------
  %  G(A, C, T, x): the sum for i in A
  %-------------------------------------

  G(A, C, T, x): nonneg_real = sum(A, F(C, T, x))

  low_G1: LEMMA x * sum(A, lambda i: C(i)/T(i)) <= G(A, C, T, x)

  low_G2: LEMMA sum(A, C) <= G(A, C, T, z)

  high_G1: LEMMA G(A, C, T, x) <= x * sum(A, lambda i: C(i)/T(i)) + sum(A, C)

  % The strict version needs at least one term in the sum.
  high_G2: LEMMA not empty?(A) IMPLIES
        G(A, C, T, x) < x * sum(A, lambda i: C(i)/T(i)) + sum(A, C)

  increasing_G: LEMMA x <= y IMPLIES G(A, C, T, x) <= G(A, C, T, y)

  % Same step behaviour as increasing_F2, lifted to the sum: if G
  % moves at all it moves by at least one of the C(i), i in A.
  increasing_G2: LEMMA x <= y IMPLIES
        G(A, C, T, x) = G(A, C, T, y) OR
          (EXISTS i: A(i) AND G(A, C, T, x) + C(i) <= G(A, C, T, y))

  G_zero: LEMMA G(A, C, T, 0) = 0

  G_empty: LEMMA empty?(A) IMPLIES G(A, C, T, x) = 0

  G_posreal: JUDGEMENT G(E, C, T, z) HAS_TYPE posreal

  %---------------------------------
  %  u(0) = B + sum(E, C)
  %  u(n+1) = B + G(E, C, T, u(n))
  %---------------------------------

  % Iteration of x |-> B + G(E, C, T, x) starting from B + sum(E, C).
  % E is non-empty and C is positive, which is what makes every u(n)
  % a posreal.
  u(E, B, C, T)(n): RECURSIVE posreal =
     IF n=0 THEN B + sum(E, C) ELSE B + G(E, C, T, u(E, B, C, T)(n - 1)) ENDIF
  MEASURE n

  increasing_u1: LEMMA u(E, B, C, T)(n) <= u(E, B, C, T)(n + 1)

  % Each step either stays put or grows by at least some C(i), i in E.
  increasing_u2: LEMMA
      u(E, B, C, T)(n) = u(E, B, C, T)(n+1) OR
        EXISTS i: E(i) AND u(E, B, C, T)(n) + C(i) <= u(E, B, C, T)(n + 1)

  increasing_u3: LEMMA n <= m IMPLIES u(E, B, C, T)(n) <= u(E, B, C, T)(m)

  % Dichotomy: the sequence reaches a fixed point, or it grows at
  % least linearly in n (with some positive slope c).
  fixed_point: LEMMA
      (EXISTS n: u(E, B, C, T)(n + 1) = u(E, B, C, T)(n))
        OR (EXISTS c: FORALL n: u(E, B, C, T)(n) >= n * c + B + sum(E, C))

  % Any positive solution z of the equation bounds the whole sequence.
  least_fixed_point: LEMMA
      B + G(E, C, T, z) = z IMPLIES FORALL n: u(E, B, C, T)(n) <= z

  % Anything strictly below some u(n) is strictly below its own image.
  fixed_point_prop: LEMMA
      z < u(E, B, C, T)(n) IMPLIES z < B + G(E, C, T, z)

  %--------------------------
  %  Existence of solutions
  %--------------------------

  upper_bound1: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES EXISTS z: G(E, C, T, z) + B <= z

  upper_bound2: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES
         EXISTS z: FORALL n: u(E, B, C, T)(n) <= z

  fixed_point_exists: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES
         EXISTS n: u(E, B, C, T)(n + 1) = u(E, B, C, T)(n)

  %--------------------
  %  Main results
  %--------------------

  solution_exists: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES EXISTS z: G(E, C, T, z) + B = z

  % z is the least among the solutions of the equation.
  smallest_solution: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES
         EXISTS z: G(E, C, T, z) + B = z
               AND FORALL w: G(E, C, T, w) + B = w IMPLIES z <= w

  % Stronger form: z is also below every w that satisfies only the
  % inequality G(E, C, T, w) + B <= w.
  smallest_solution2: LEMMA
      sum(E, lambda i: C(i)/T(i)) < 1 IMPLIES
         EXISTS z: G(E, C, T, z) + B = z
               AND (FORALL w: G(E, C, T, w) + B <= w IMPLIES z <= w)

  %---------------------------------------------------
  %  Case when C(i) and T(i) are posnat and B is nat
  %---------------------------------------------------

  C1, T1: VAR [U -> posnat]
  B1: VAR nat
  q: VAR posnat

  % With integer parameters the solution q is itself a positive
  % integer. Note that w below still ranges over posreal, so q is
  % minimal among real solutions too.
  integer_solution: LEMMA
      sum(E, lambda i: C1(i)/T1(i)) < 1 IMPLIES EXISTS q: G(E, C1, T1, q) + B1 = q

  smallest_int_solution: LEMMA
      sum(E, lambda i: C1(i)/T1(i)) < 1 IMPLIES
         EXISTS q: G(E, C1, T1, q) + B1 = q
               AND FORALL w: G(E, C1, T1, w) + B1 = w IMPLIES q <= w

  smallest_int_solution2: LEMMA
      sum(E, lambda i: C1(i)/T1(i)) < 1 IMPLIES
         EXISTS q: G(E, C1, T1, q) + B1 = q
               AND (FORALL w: G(E, C1, T1, w) + B1 <= w IMPLIES q <= w)

  END ceiling_equations
$$$ceiling_equations.prf
(ceiling_equations (low_F1 0 (low_F1-1 nil 3237060216 nil ("" (expand "F") (("" (skolem!) (("" (use "both_sides_times_pos_le1" ("pz" "C!1(i!1)" "x" "x!1/T!1(i!1)" "y" "ceiling(x!1 / T!1(i!1))")) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (both_sides_times_pos_le1 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil)) nil nil nil nil)) (low_F2 0 (low_F2-1 nil 3237060216 nil ("" (expand "F") (("" (skolem!) 
(("" (use "both_sides_times_pos_le2" ("pz" "C!1(i!1)" "x" "1" "y" "ceiling(z!1 / T!1(i!1))")) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (both_sides_times_pos_le2 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil)) nil nil nil nil)) (high_F 0 (high_F-1 nil 3237060216 nil ("" (expand "F") (("" (skolem!) 
(("" (use "both_sides_times_pos_lt1" ("pz" "C!1(i!1)" "x" "ceiling(x!1/T!1(i!1))" "y" "1 + x!1 / T!1(i!1)")) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (both_sides_times_pos_lt1 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil)) nil nil nil nil)) (increasing_F 0 (increasing_F-1 nil 3237060216 nil ("" (expand "F") (("" (skosimp) (("" (rewrite "both_sides_times_pos_le2") (("" (use "both_sides_div_pos_le1" ("y" "y!1")) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (both_sides_times_pos_le2 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil 
real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (both_sides_div_pos_le1 formula-decl nil real_props nil)) nil nil nil nil)) (increasing_F2 0 (increasing_F2-1 nil 3237060216 nil ("" (expand "F") (("" (skosimp) (("" (rewrite "both_sides_times2") (("" (use "both_sides_times_pos_le2" ("pz" "C!1(i!1)" "x" "1 + ceiling(x!1 / T!1(i!1))" "y" "ceiling(y!1 / T!1(i!1))")) (("" (use "both_sides_div_pos_le1" ("y" "y!1")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (both_sides_times2 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (U formal-type-decl nil ceiling_equations nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) 
(integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (both_sides_div_pos_le1 formula-decl nil real_props nil) (both_sides_times_pos_le2 formula-decl nil real_props nil)) nil nil nil nil)) (F_zero 0 (F_zero-1 nil 3237060216 nil ("" (grind) nil nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (F_posreal 0 (F_posreal-1 nil 3237060216 nil ("" (expand "F") (("" (skolem!) (("" (rewrite "pos_times_gt") (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((F const-decl "nonneg_real" ceiling_equations nil) (pos_times_gt formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (U formal-type-decl nil ceiling_equations nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (integer nonempty-type-from-decl nil integers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (+ const-decl "[real, real -> real]" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil)) nil nil nil nil)) (low_G1 0 
(low_G1-1 nil 3237060216 nil ("" (expand "G") (("" (skolem!) (("" (auto-rewrite "low_F1" "sum_mult") (("" (use "sum_le" ("f" "lambda i: x!1 * (C!1(i) / T!1(i))" "g" "F(C!1, T!1, x!1)")) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (low_F1 formula-decl nil ceiling_equations nil) (sum_mult formula-decl nil fsets_sum nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil ceiling_equations nil) (F const-decl "nonneg_real" ceiling_equations nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (* const-decl "[real, real -> real]" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sum_le formula-decl nil fsets_sum nil)) nil nil nil nil)) (low_G2 0 (low_G2-1 nil 3237060216 nil ("" (skolem!) (("" (expand "G") (("" (rewrite "sum_le") (("" (skolem!) 
(("" (rewrite "low_F2") nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_le formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (F const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (low_F2 formula-decl nil ceiling_equations nil) (G const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (high_G1 0 (high_G1-1 nil 3237060216 nil ("" (expand "G") (("" (skolem!) (("" (auto-rewrite "sum_mult") (("" (use "sum_le" ("f" "F(C!1, T!1, x!1)" "g" "lambda i: x!1 * (C!1(i) / T!1(i)) + C!1(i)")) (("" (ground) (("1" (rewrite "sum_distributive" :dir rl) nil nil) ("2" (skolem!) 
(("2" (use "high_F") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (sum_distributive formula-decl nil fsets_sum nil) (sum_mult formula-decl nil fsets_sum nil) (high_F formula-decl nil ceiling_equations nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil ceiling_equations nil) (/ const-decl "[real, nzreal -> real]" reals nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (* const-decl "[real, real -> real]" reals nil) (+ const-decl "[real, real -> real]" reals nil) (F const-decl "nonneg_real" ceiling_equations nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sum_le formula-decl nil fsets_sum nil)) nil nil nil nil)) (high_G2 0 (high_G2-1 nil 3237060216 nil ("" (expand "G") (("" (skosimp) (("" (assert) (("" (auto-rewrite "sum_mult" "high_F") (("" (use "sum_lt" ("f" "F(C!1, T!1, x!1)" "g" "lambda i: C!1(i) + x!1 * (C!1(i) / T!1(i))")) (("" (assert) (("" (rewrite "sum_distributive" :dir rl) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (sum_lt formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" 
reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (F const-decl "nonneg_real" ceiling_equations nil) (+ const-decl "[real, real -> real]" reals nil) (* const-decl "[real, real -> real]" reals nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (sum_mult formula-decl nil fsets_sum nil) (sum_distributive formula-decl nil fsets_sum nil) (high_F formula-decl nil ceiling_equations nil)) nil nil nil nil)) (increasing_G 0 (increasing_G-1 nil 3237060216 nil ("" (auto-rewrite "G" "sum_le" "increasing_F") (("" (reduce) nil nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (sum_le formula-decl nil fsets_sum nil) (increasing_F formula-decl nil ceiling_equations nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (number nonempty-type-decl nil numbers nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil ceiling_equations nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) nil nil nil nil)) (increasing_G2 0 (increasing_G2-1 nil 3237060216 nil ("" (skosimp) (("" (expand "G") (("" (rewrite "sum_f_g") (("" (delete 2) (("" (skolem!) (("" (use "increasing_F2") (("" (ground) (("" (inst?) 
(("" (assert) (("" (use "sum_update" ("f" "F(C!1, T!1, x!1)" "t" "x!2" "c" "C!1(x!2) + F(C!1, T!1, x!1)(x!2)")) (("" (assert) (("" (use "sum_le" ("f" "F(C!1, T!1, x!1) WITH [(x!2) := F(C!1, T!1, x!1)(x!2) + C!1(x!2)]" "g" "F(C!1, T!1, y!1)")) (("" (ground) (("" (delete -1 2 3) (("" (auto-rewrite "increasing_F") (("" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_f_g formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (F const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (NOT const-decl "[bool -> bool]" booleans nil) (increasing_F formula-decl nil ceiling_equations nil) (sum_le formula-decl nil fsets_sum nil) (sum_update formula-decl nil fsets_sum nil) (+ const-decl "[real, real -> real]" reals nil) (increasing_F2 formula-decl nil ceiling_equations nil) (G const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (G_zero 0 (G_zero-1 nil 3237060216 nil ("" (expand "G") (("" (skolem!) (("" (rewrite "sum_zero") (("" (skolem!) 
(("" (rewrite "F_zero") nil nil)) nil)) nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (sum_zero formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (F const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (F_zero formula-decl nil ceiling_equations nil)) nil nil nil nil)) (G_empty 0 (G_empty-1 nil 3237060216 nil ("" (expand "G") (("" (skosimp) (("" (rewrite "emptyset_is_empty?") (("" (replace*) (("" (rewrite "sum_emptyset") nil nil)) nil)) nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil) (emptyset_is_empty? formula-decl nil sets_lemmas nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (U formal-type-decl nil ceiling_equations nil) (sum_emptyset formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (F const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (G_posreal 0 (G_posreal-1 nil 3237060216 nil ("" (skolem!) 
(("" (expand "G") (("" (assert) nil nil)) nil)) nil) proved-complete ((G const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (u_TCC1 0 (u_TCC1-1 nil 3237060216 nil ("" (subtype-tcc) nil nil) proved-complete ((member const-decl "bool" sets nil) (injective? const-decl "bool" functions nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (number nonempty-type-decl nil numbers nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? const-decl "bool" sets nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil ceiling_equations nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) nil nil nil nil)) (u_TCC2 0 (u_TCC2-1 nil 3237060216 nil ("" (termination-tcc) nil nil) proved-complete nil nil nil nil nil)) (increasing_u1 0 (increasing_u1-1 nil 3237060216 nil ("" (induct-and-rewrite "n" 1 "u") (("1" (use "low_G2") (("1" (assert) nil nil)) nil) ("2" (use "increasing_G" ("x" "u(E!1, B!1, C!1, T!1)(j!1)" "y" "G(E!1, C!1, T!1, u(E!1, B!1, C!1, T!1)(j!1)) + B!1")) (("2" (assert) nil nil)) nil)) nil) proved-complete ((nat_induction formula-decl nil naturalnumbers nil) (+ const-decl "[real, real -> real]" reals nil) (u def-decl "posreal" ceiling_equations nil) (<= const-decl "bool" reals nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (U formal-type-decl nil ceiling_equations nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sum def-decl "real" fsets_sum nil) (low_G2 formula-decl nil ceiling_equations nil) (increasing_G formula-decl nil ceiling_equations nil) (G const-decl "nonneg_real" ceiling_equations nil)) nil nil nil nil)) (increasing_u2 0 (increasing_u2-1 nil 3237060216 nil ("" (skosimp) (("" (auto-rewrite "u") (("" (case-replace "n!1 = 0") (("1" (assert) (("1" (case "EXISTS c: c <= sum(E!1, C!1) AND G(E!1, C!1, T!1, c) = sum(E!1, C!1)") (("1" (skosimp) (("1" (use "increasing_G2" ("x" "c!1" "y" "sum(E!1, C!1) + B!1")) (("1" (reduce) nil nil)) nil)) nil) ("2" (delete -1 2 3) (("2" (inst + "min(sum(E!1, C!1), min(E!1, T!1))") (("2" (auto-rewrite "G" "F" "div_simp") (("2" (ground) (("2" (rewrite "sum_f_g") (("2" (delete 2) (("2" (skolem!) 
(("2" (case-replace "ceiling(min(sum(E!1, C!1), min(E!1, T!1)) / T!1(x!1)) = 1") (("1" (assert) nil nil) ("2" (delete 2) (("2" (use "min_prop1" ("A" "E!1" "f" "T!1")) (("2" (use "both_sides_div_pos_le1" ("x" "min(sum(E!1, C!1), min(E!1, T!1))" "y" "T!1(x!1)" "pz" "T!1(x!1)")) (("2" (assert) (("2" (typepred "ceiling(min(sum(E!1, C!1), min(E!1, T!1)) / T!1(x!1))") (("2" (assert :flush? t) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (use "increasing_G2" ("x" "u(E!1, B!1, C!1, T!1)(n!1 - 1)" "y" "u(E!1, B!1, C!1, T!1)(n!1)")) (("2" (rewrite "increasing_u1") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (G const-decl "nonneg_real" ceiling_equations nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (sum def-decl "real" fsets_sum nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (U formal-type-decl nil ceiling_equations nil) (<= const-decl "bool" reals nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (+ const-decl "[real, real -> real]" reals nil) (increasing_G2 formula-decl nil ceiling_equations nil) (min const-decl "{x | minimum(A, f, x)}" fsets_minmax nil) (minimum const-decl "bool" fsets_minmax nil) (min const-decl "{p: real | p <= m AND p <= n}" real_defs nil) (integer nonempty-type-from-decl nil integers nil) (< const-decl "bool" reals nil) (ceiling const-decl "{i | x <= i & i < x + 1}" floor_ceil nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (min_prop1 formula-decl nil fsets_minmax nil) (div_simp formula-decl nil real_props nil) (both_sides_div_pos_le1 formula-decl nil real_props nil) (sum_f_g formula-decl nil fsets_sum nil) (F const-decl "nonneg_real" ceiling_equations nil) (u def-decl "posreal" ceiling_equations nil) (- const-decl "[real, real -> real]" reals nil) (increasing_u1 formula-decl nil ceiling_equations nil)) nil nil nil nil)) (increasing_u3 0 (increasing_u3-1 nil 3237060216 nil ("" (skosimp) (("" (case "FORALL n: u(E!1, B!1, C!1, T!1)(n!1) <= u(E!1, B!1, C!1, T!1)(n!1 + n)") (("1" (assert) (("1" (inst - "m!1 - n!1") (("1" (assert) nil nil)) nil)) nil) ("2" (delete -1 2) (("2" (induct "n") (("1" (assert) nil nil) ("2" (skosimp) (("2" (use "increasing_u1" ("n" "n!1 + j!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((increasing_u1 formula-decl nil ceiling_equations nil) (nat_induction formula-decl nil 
naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (- const-decl "[real, real -> real]" reals nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (<= const-decl "bool" reals nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (u def-decl "posreal" ceiling_equations nil) (+ const-decl "[real, real -> real]" reals nil)) nil nil nil nil)) (fixed_point 0 (fixed_point-1 nil 3237060216 nil ("" (skosimp) (("" (assert) (("" (inst 2 "min(E!1, C!1)") (("" (induct "n" 2) (("1" (auto-rewrite "u") (("1" (assert) nil nil)) nil) ("2" (skosimp) (("2" (use "increasing_u2") (("2" (ground) (("1" (inst?) 
(("1" (assert) nil nil)) nil) ("2" (skosimp) (("2" (use "min_prop1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (minimum const-decl "bool" fsets_minmax nil) (min const-decl "{x | minimum(A, f, x)}" fsets_minmax nil) (min_prop1 formula-decl nil fsets_minmax nil) (increasing_u2 formula-decl nil ceiling_equations nil) (nat_induction formula-decl nil naturalnumbers nil) (* const-decl "[real, real -> real]" reals nil) (sum def-decl "real" fsets_sum nil) (+ const-decl "[real, real -> real]" reals nil) (u def-decl "posreal" ceiling_equations nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil)) nil nil nil nil)) (least_fixed_point 0 (least_fixed_point-1 nil 3237060216 nil ("" (skosimp) (("" (induct-and-rewrite "n" 1 "u") (("1" (use "low_G2") (("1" (assert) nil nil)) nil) ("2" (use "increasing_G" ("y" "z!1")) (("2" (assert) nil nil)) nil)) nil)) nil) proved-complete ((increasing_G formula-decl nil ceiling_equations nil) (low_G2 formula-decl nil 
ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (<= const-decl "bool" reals nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (u def-decl "posreal" ceiling_equations nil) (nat_induction formula-decl nil naturalnumbers nil)) nil nil nil nil)) (fixed_point_prop 0 (fixed_point_prop-1 nil 3237060216 nil ("" (skolem + ("B!1" "C!1" "E!1" "T!1" _ "z!1")) (("" (induct-and-rewrite "n" 1 "u") (("1" (use "low_G2") (("1" (assert) nil nil)) nil) ("2" (use "increasing_G" ("x" "u(E!1, B!1, C!1, T!1)(j!1)" "y" "z!1")) (("2" (ground) nil nil)) nil)) nil)) nil) proved-complete ((increasing_G formula-decl nil ceiling_equations nil) (low_G2 formula-decl nil ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" 
integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (< const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (u def-decl "posreal" ceiling_equations nil) (+ const-decl "[real, real -> real]" reals nil) (G const-decl "nonneg_real" ceiling_equations nil) (nat_induction formula-decl nil naturalnumbers nil)) nil nil nil nil)) (upper_bound1 0 (upper_bound1-1 nil 3237060216 nil ("" (skosimp) (("" (case "EXISTS x: x * sum(E!1, lambda i: C!1(i)/T!1(i)) + sum(E!1, C!1) + B!1 = x") (("1" (skolem!) 
(("1" (assert) (("1" (inst + "x!1") (("1" (use "high_G1") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (name-replace "a!1" "sum(E!1, LAMBDA (i: U): C!1(i) / T!1(i))") (("2" (assert) (("2" (inst + "(sum(E!1, C!1) + B!1) / (1 - a!1)") (("1" (use "div_cancel2" ("x" "sum(E!1, C!1) + B!1" "n0z" "1 - a!1")) (("1" (assert) nil nil)) nil) ("2" (rewrite "pos_div_ge") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((pos_div_ge formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (- const-decl "[real, real -> real]" reals nil) (high_G1 formula-decl nil ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (= const-decl "[T, T -> boolean]" equalities nil) (+ const-decl "[real, real -> real]" reals nil) (* const-decl "[real, real -> real]" reals nil) (U formal-type-decl nil ceiling_equations nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (sum def-decl "real" fsets_sum nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil)) nil nil nil nil)) (upper_bound2 0 (upper_bound2-1 nil 3237060216 3237060403 ("" (skosimp) (("" (use "upper_bound1" ("B" "B!1")) (("" (assert) (("" (skolem!) 
(("" (inst + "z!1") (("" (induct-and-rewrite "n" 1 "u") (("1" (use "low_G2") (("1" (assert) nil nil)) nil) ("2" (use "increasing_G" ("y" "z!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((upper_bound1 formula-decl nil ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set type-eq-decl nil finite_sets_def nil) (is_finite const-decl "bool" finite_sets_def nil) (set type-eq-decl nil sets nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (U formal-type-decl nil ceiling_equations nil) (nat_induction formula-decl nil naturalnumbers nil) (u def-decl "posreal" ceiling_equations nil) (<= const-decl "bool" reals nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (low_G2 formula-decl nil ceiling_equations nil) (increasing_G formula-decl nil ceiling_equations nil)) 54595 10470 t nil)) (fixed_point_exists 0 (fixed_point_exists-1 nil 3237060216 nil ("" (skosimp) (("" (use "fixed_point") (("" (ground) (("" (use "upper_bound2") (("" (assert) (("" (skosimp*) (("" (delete -3 1) (("" (case "EXISTS n: (z!1 - B!1)/c!1 < n") (("1" (skolem!) 
(("1" (rewrite "div_mult_pos_lt1") (("1" (inst - "n!1") (("1" (inst - "n!1") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (delete -) (("2" (lemma "axiom_of_archimedes" ("x" "(z!1 - B!1) / c!1")) (("2" (skolem!) (("2" (case "i!1 < 0") (("1" (inst + "0") (("1" (assert) nil nil)) nil) ("2" (assert) (("2" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((axiom_of_archimedes formula-decl nil real_props nil) (div_mult_pos_lt1 formula-decl nil real_props nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (/ const-decl "[real, nzreal -> real]" reals nil) (- const-decl "[real, real -> real]" reals nil) (upper_bound2 formula-decl nil ceiling_equations nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (fixed_point formula-decl nil ceiling_equations nil)) nil nil nil nil)) (solution_exists 0 (solution_exists-1 nil 3237060216 nil ("" (skosimp) (("" (use "fixed_point_exists" ("B" "B!1")) (("" (auto-rewrite "u") (("" (assert) (("" (skolem!) (("" (assert) (("" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (u def-decl "posreal" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (fixed_point_exists formula-decl nil ceiling_equations nil)) nil nil nil nil)) (smallest_solution 0 (smallest_solution-1 nil 3237060216 nil ("" (skosimp) (("" (use "fixed_point_exists" ("B" "B!1")) (("" (auto-rewrite "u") (("" (assert) (("" (skolem!) (("" (inst?) (("" (ground) (("" (skosimp) (("" (use "least_fixed_point") (("" (assert) (("" (inst?) 
nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((least_fixed_point formula-decl nil ceiling_equations nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (u def-decl "posreal" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (fixed_point_exists formula-decl nil ceiling_equations nil)) nil nil nil nil)) (smallest_solution2 0 (smallest_solution2-1 nil 3237060216 nil ("" (skosimp) (("" (use "fixed_point_exists" ("B" "B!1")) (("" (auto-rewrite "u") (("" (assert) (("" (skolem!) (("" (inst?) 
(("" (ground) (("" (skosimp) (("" (use "fixed_point_prop" ("z" "w!1" "n" "n!1")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((fixed_point_prop formula-decl nil ceiling_equations nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (u def-decl "posreal" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (fixed_point_exists formula-decl nil ceiling_equations nil)) nil nil nil nil)) (integer_solution 0 (integer_solution-1 nil 3237060216 nil ("" (skosimp) (("" (use "solution_exists" ("B" "B1!1")) (("" (assert) (("" (skolem!) (("" (inst?) 
(("" (expand "G") (("" (expand "F") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((AND const-decl "[bool, bool -> bool]" booleans nil) (F const-decl "nonneg_real" ceiling_equations nil) (G const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (posnat nonempty-type-eq-decl nil integers nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution_exists formula-decl nil ceiling_equations nil)) nil nil nil nil)) (smallest_int_solution 0 (smallest_int_solution-1 nil 3237060216 nil ("" (skosimp) (("" (use "smallest_solution" ("B" "B1!1")) (("" (assert) (("" (skosimp) (("" (inst? 
+) (("1" (ground) nil nil) ("2" (expand* "G" "F") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((AND const-decl "[bool, bool -> bool]" booleans nil) (G const-decl "nonneg_real" ceiling_equations nil) (F const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (posnat nonempty-type-eq-decl nil integers nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (smallest_solution formula-decl nil ceiling_equations nil)) nil nil nil nil)) (smallest_int_solution2 0 (smallest_int_solution2-1 nil 3237060216 nil ("" (skosimp) (("" (use "smallest_solution2" ("B" "B1!1")) (("" (assert) (("" (skosimp) (("" (inst? 
+) (("1" (ground) nil nil) ("2" (expand* "G" "F") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((AND const-decl "[bool, bool -> bool]" booleans nil) (G const-decl "nonneg_real" ceiling_equations nil) (F const-decl "nonneg_real" ceiling_equations nil) (U formal-type-decl nil ceiling_equations nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (posnat nonempty-type-eq-decl nil integers nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets_def nil) (finite_set type-eq-decl nil finite_sets_def nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets_def nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (smallest_solution2 formula-decl nil ceiling_equations nil)) nil nil nil nil)))
$$$sum_partitions.pvs
% Partitions of a set X into two, three or four pairwise-disjoint pieces,
% and the matching decomposition of sum(u, t1, t2, X) (imported from
% sum_sequences) into one term per piece.
sum_partitions [ T: TYPE] : THEORY
BEGIN

IMPORTING sum_sequences[T]

A, B, C, D, X: VAR set[T]
u: VAR [nat -> T]
t, t1, t2, n: VAR nat

% A and B do not overlap and together make up exactly X.
partition2(X)(A, B): bool = disjoint?(A, B) AND X = union(A, B)

% Built on partition2: A and B are disjoint, and union(A, B) with C is a
% two-way partition of X.
partition3(X)(A, B, C): bool = disjoint?(A, B) AND partition2(X)(union(A, B), C)

% Same construction with two disjoint pairs: union(A, B) and union(C, D)
% form a two-way partition of X.
partition4(X)(A, B, C, D): bool=
    disjoint?(A, B) AND disjoint?(C, D) AND partition2(X)(union(A, B), union(C, D))

% The count over X is the sum of the counts over the two pieces.
sum_partition2: LEMMA
    partition2(X)(A, B) IMPLIES
      sum(u, t1, t2, X) = sum(u, t1, t2, A) + sum(u, t1, t2, B)
% Three-way version of sum_partition2.
sum_partition3: LEMMA
    partition3(X)(A, B, C) IMPLIES
      sum(u, t1, t2, X) = sum(u, t1, t2, A) + sum(u, t1, t2, B) + sum(u, t1, t2, C)

% Four-way version of sum_partition2.
sum_partition4: LEMMA
    partition4(X)(A, B, C, D) IMPLIES
      sum(u, t1, t2, X) = sum(u, t1, t2, A) + sum(u, t1, t2, B) + sum(u, t1, t2, C) + sum(u, t1, t2, D)

END sum_partitions
$$$sum_partitions.prf
(|sum_partitions|
 (|sum_partition2| "" (AUTO-REWRITE "partition2" "sum_disj_union") (("" (REDUCE) NIL NIL)) NIL)
 (|sum_partition3| "" (AUTO-REWRITE "partition3" "partition2" "sum_disj_union") (("" (REDUCE) NIL NIL)) NIL)
 (|sum_partition4| "" (AUTO-REWRITE "partition4" "partition2" "sum_disj_union") (("" (REDUCE) NIL NIL)) NIL))
$$$sum_sequences.pvs
% Counting over a sequence u: [nat -> T]: how many instants of the
% half-open interval [t1, t2[ have u(t) in a given set E.
sum_sequences [ T: TYPE] : THEORY
BEGIN

u, u1, u2: VAR [nat -> T]
t, t1, t2, t3, n: VAR nat
E, E1, E2: VAR set[T]

%------------------------------------------------------------------------
% sum(u, t1, t2, E) = card { t | t1 <= t < t2 AND u(t) belongs to E }
%------------------------------------------------------------------------
% The recursion peels off the last instant t2-1 and adds 1 when u(t2-1)
% is in E; an empty or reversed interval (t2 <= t1) yields 0.
% MEASURE max(t2 - t1, 0) is the termination measure: it decreases on
% each recursive call because t2 is replaced by t2-1 while t1 < t2.
sum(u, t1, t2, E): RECURSIVE nat =
    IF t2 <= t1 THEN 0
    ELSIF E(u(t2-1)) THEN 1 + sum(u, t1, t2-1, E)
    ELSE sum(u, t1, t2-1, E)
    ENDIF
    MEASURE max(t2 - t1, 0)

%% Auxiliary lemmas for inductive proofs
% Base case and successor case of sum, stated with the upper bound
% written as t + n so that they can drive an induction on n.
sum_init: LEMMA sum(u, t, t, E) = 0

sum_step: LEMMA
    sum(u, t, t + n + 1, E) =
      IF E(u(t + n)) THEN 1 + sum(u, t, t + n, E) ELSE sum(u, t, t + n, E) ENDIF

%-----------------------
% Bounds & splitting
%-----------------------
% The count never exceeds the interval length.
max_sum: LEMMA t1 <= t2 IMPLIES sum(u, t1, t2, E) <= t2 - t1

% The count is 0 exactly when no instant of [t1, t2[ maps into E.
sum_zero: LEMMA
    sum(u, t1, t2, E) = 0 IFF FORALL t: t1 <= t AND t < t2 IMPLIES not E(u(t))

% The count equals the interval length exactly when the interval is
% well-formed (t1 <= t2) and every instant of it maps into E.
sum_full: LEMMA
    sum(u, t1, t2, E) = t2 - t1 IFF
      t1 <= t2 AND FORALL t: t1 <= t AND t < t2 IMPLIES E(u(t))

% Counts over two adjacent intervals add up.
sum_split: LEMMA
    t1 <= t AND t <= t2 IMPLIES sum(u, t1, t, E) + sum(u, t, t2, E) = sum(u, t1, t2, E)

% Extending the interval to the right cannot decrease the count.
sum_increasing: LEMMA
    t1 <= t2 AND t2 <= t3 IMPLIES sum(u, t1, t2, E) <= sum(u, t1, t3, E)

% Two sequences that agree on membership in E at every instant of
% [t1, t2[ have the same count over that interval.
equal_sums: LEMMA
    (FORALL (t | t1 <= t AND t < t2): E(u1(t)) IFF E(u2(t)))
      IMPLIES sum(u1, t1, t2, E) = sum(u2, t1, t2, E)

%-------------------------
% sum for various sets
%-------------------------
sum_emptyset: LEMMA sum(u, t1, t2, emptyset) = 0

sum_fullset: LEMMA t1 <= t2 IMPLIES sum(u, t1, t2, fullset) = t2 - t1

% Additivity over disjoint sets; this is the rewrite used by the
% sum_partition proofs.
sum_disj_union: LEMMA
    disjoint?(E1, E2) IMPLIES
      sum(u, t1, t2, union(E1, E2)) = sum(u, t1, t2, E1) + sum(u, t1, t2, E2)

sum_diff_subset: LEMMA
    subset?(E1, E2) IMPLIES
      sum(u, t1, t2, difference(E2, E1)) = sum(u, t1, t2, E2) - sum(u, t1, t2, E1)

% Inclusion-exclusion for two sets (no disjointness required).
sum_union_inter: LEMMA
    sum(u, t1, t2, union(E1, E2)) + sum(u, t1, t2, intersection(E1, E2)) =
      sum(u, t1, t2, E1) + sum(u, t1, t2, E2)

sum_complement: LEMMA
    t1 <= t2 IMPLIES sum(u, t1, t2, complement(E)) = t2 - t1 - sum(u, t1, t2, E)

% Monotonicity of the count in the set argument, and its special cases
% for unions and intersections.
sum_subset: LEMMA subset?(E1, E2) IMPLIES sum(u, t1, t2, E1) <= sum(u, t1, t2, E2)

sum_union1: LEMMA sum(u, t1, t2, E1) <= sum(u, t1, t2, union(E1, E2))

sum_union2: LEMMA sum(u, t1, t2, E2) <= sum(u, t1, t2, union(E1, E2))

sum_inter1: LEMMA sum(u, t1, t2, intersection(E1, E2)) <= sum(u, t1, t2, E1)

sum_inter2: LEMMA sum(u, t1, t2, intersection(E1, E2)) <= sum(u, t1, t2, E2)

END sum_sequences
$$$sum_sequences.prf
(|sum_sequences| (|sum_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|sum_TCC2| "" (SUBTYPE-TCC) NIL NIL) (|sum_TCC3| "" (TERMINATION-TCC) NIL NIL) (|sum_TCC4| "" (SUBTYPE-TCC) NIL NIL) (|sum_init| "" (GRIND) NIL NIL) (|sum_step| "" (GRIND) NIL NIL) (|max_sum| "" (SKOSIMP) (("" (ASSERT) (("" (CASE "FORALL n: sum(u!1, t1!1, t1!1+n, E!1) <= n") (("1" (INST - "t2!1 - t1!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (DELETE -1 2) (("2" (INDUCT-AND-SIMPLIFY "n" 1 :DEFS NIL :REWRITES ("sum_init" ("sum_step"))) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|sum_zero| "" (SKOLEM!)
(("" (CASE "t2!1 < t1!1") (("1" (GRIND) NIL NIL) ("2" (ASSERT) (("2" (CASE "FORALL n: sum(u!1, t1!1, t1!1 + n, E!1) = 0 IFF (FORALL t: t lift[job]]
% NOTE(review): text appears to be missing from this copy immediately
% above: the proof fragment stops inside a quoted formula, and neither the
% header of the theory that follows nor the declaration of the `schedule`
% type is visible. Restore that span from the original dump before
% re-running the proofs.
sch, sch1, sch2: VAR schedule
t, t1, t2, t3: VAR nat
j, k: VAR job
E, E1, E2, E3, E4: VAR set[job]
x: VAR lift[job]

%-------------------------------------------------------------------------
% active(sch, j, t): j is the job active at time t in sch
% idle(sch, t): no job is active at time t
%
% process_time(sch, t1, t2, E): time allocated to a job of E in [t1, t2[
%   = card { u | t1 <= u < t2 AND active_job at time u belongs to E }
%
% idle_time(sch, t1, t2): idle time in [t1, t2[
%   = card { u | t1 <= u < t2 AND no job is active at time u }
%-------------------------------------------------------------------------
% A schedule applied to an instant yields either up(j) for some job j or
% bottom; the two predicates below test for each case.
active(sch, j, t): bool = sch(t) = up(j)

idle(sch, t): bool = sch(t) = bottom

% Both measures are instances of sum over the schedule: idle_time counts
% the instants whose value satisfies bottom?, process_time counts the
% instants whose value is up(x) with the underlying job in E.
idle_time(sch, t1, t2): nat = sum(sch, t1, t2, bottom?)

process_time(sch, t1, t2, E): nat = sum(sch, t1, t2, { x | up?(x) AND E(down(x)) })

%---------------
% Properties
%---------------
% At most one job is active at any instant.
unique_active: LEMMA active(sch, j, t) AND active(sch, k, t) IMPLIES j = k

idle_equiv: LEMMA idle(sch, t) IFF NOT EXISTS j: active(sch, j, t)

% Every instant of [t1, t2[ is either idle or given to some job.
total_cpu: LEMMA
    t1 <= t2 IMPLIES process_time(sch, t1, t2, fullset) + idle_time(sch, t1, t2) = t2 - t1

% The remaining lemmas of this group transfer the sum_sequences results
% (bound, zero, full, split, monotonicity, extensionality) to idle_time.
max_idle_time: LEMMA t1 <= t2 IMPLIES idle_time(sch, t1, t2) <= t2 - t1

zero_idle_time: LEMMA
    idle_time(sch, t1, t2) = 0 IFF FORALL t: t1 <= t AND t < t2 IMPLIES not idle(sch, t)

idle_interval: LEMMA
    idle_time(sch, t1, t2) = t2 - t1 IFF
      t1 <= t2 AND FORALL t: t1 <= t AND t < t2 IMPLIES idle(sch, t)

split_idle_time: LEMMA
    t1 <= t2 AND t2 <= t3 IMPLIES
      idle_time(sch, t1, t2) + idle_time(sch, t2, t3) = idle_time(sch, t1, t3)

increasing_idle_time: LEMMA
    t1 <= t2 AND t2 <= t3 IMPLIES idle_time(sch, t1, t2) <= idle_time(sch, t1, t3)

equal_idle_time: LEMMA
    (FORALL t: t1 <= t AND t < t2 IMPLIES (idle(sch1, t) IFF idle(sch2, t)))
      IMPLIES idle_time(sch1, t1, t2) = idle_time(sch2, t1, t2)

%------------------------------
% Properties of process_time
%------------------------------
% Same family of results as for idle_time, for the time given to the
% jobs of a set E.
max_process_time: LEMMA t1 <= t2 IMPLIES process_time(sch, t1, t2, E) <= t2 - t1

zero_process_time: LEMMA
    process_time(sch, t1, t2, E) = 0 IFF
      FORALL t, j: t1 <= t AND t < t2 AND active(sch, j, t) IMPLIES not E(j)

% The interval is entirely spent on jobs of E.
busy_interval: LEMMA
    process_time(sch, t1, t2, E) = t2 - t1 IFF
      t1 <= t2 AND FORALL t: t1 <= t AND t < t2 IMPLIES EXISTS j: active(sch, j, t) AND E(j)

split_process_time: LEMMA
    t1 <= t2 AND t2 <= t3 IMPLIES
      process_time(sch, t1, t2, E) + process_time(sch, t2, t3, E) = process_time(sch, t1, t3, E)

increasing_process_time: LEMMA
    t1 <= t2 AND t2 <= t3 IMPLIES process_time(sch, t1, t2, E) <= process_time(sch, t1, t3, E)

% Only the activity of jobs in E matters: two schedules that agree on
% those jobs over [t1, t2[ give E the same process time.
equal_process_time: LEMMA
    (FORALL t, j: t1 <= t AND t < t2 AND E(j) IMPLIES (active(sch1, j, t) IFF active(sch2, j, t)))
      IMPLIES process_time(sch1, t1, t2, E) = process_time(sch2, t1, t2, E)

%-----------------------------------------
% Process time for various sets of jobs
%-----------------------------------------
process_time_emptyset: LEMMA process_time(sch, t1, t2, emptyset) = 0

process_time_subset: LEMMA
    subset?(E1, E2) IMPLIES process_time(sch, t1, t2, E1) <= process_time(sch, t1, t2, E2)

% Process time is additive over a partition of the job set
% (partition2/3/4 are the predicates used by the sum_partition lemmas).
process_time_partition2: LEMMA
    partition2(E)(E1, E2) IMPLIES
      process_time(sch, t1, t2, E) = process_time(sch, t1, t2, E1) + process_time(sch, t1, t2, E2)

process_time_partition3: LEMMA
    partition3(E)(E1, E2, E3) IMPLIES
      process_time(sch, t1, t2, E) =
        process_time(sch, t1, t2, E1) + process_time(sch, t1, t2, E2) + process_time(sch, t1, t2, E3)

process_time_partition4: LEMMA
    partition4(E)(E1, E2, E3, E4) IMPLIES
      process_time(sch, t1, t2, E) =
        process_time(sch, t1, t2, E1) + process_time(sch, t1, t2, E2) + process_time(sch, t1, t2, E3) + process_time(sch, t1, t2, E4)

%--------------------------------------
% Abbreviations for sums from 0 to t
% and for sums over singleton sets
%--------------------------------------
% These overload process_time and idle_time; the argument count and
% types (set of jobs vs. single job) select the variant.
process_time(sch, t, E): nat = process_time(sch, 0, t, E)

process_time(sch, t1, t2, j): nat = process_time(sch, t1, t2, singleton(j))

process_time(sch, t, j): nat = process_time(sch, t, singleton(j))

idle_time(sch, t): nat = idle_time(sch, 0, t)

total_cpu2: LEMMA process_time(sch, t, fullset) + idle_time(sch, t) = t

% An interval measure is the difference of two measures taken from 0.
process_time_equiv1: LEMMA
    t1 <= t2 IMPLIES process_time(sch, t1, t2, E) = process_time(sch, t2, E) - process_time(sch, t1, E)

process_time_equiv2: LEMMA
    t1 <= t2 IMPLIES process_time(sch, t1, t2, j) = process_time(sch, t2, j) - process_time(sch, t1, j)

idle_time_equiv: LEMMA
    t1 <= t2 IMPLIES idle_time(sch, t1, t2) = idle_time(sch, t2) - idle_time(sch, t1)

%-----------------------------------------
% Next value of process_time(sch, t, j)
%-----------------------------------------
% One-step unfoldings: the process time of j grows by 1 exactly at the
% instants where j is active.
process_time_init: LEMMA process_time(sch, 0, j) = 0

process_time_step: LEMMA
    process_time(sch, t+1, j) =
      IF active(sch, j, t) THEN 1 + process_time(sch, t, j) ELSE process_time(sch, t, j) ENDIF

process_time_init2: LEMMA process_time(sch, t, t, j) = 0

process_time_step2: LEMMA
    t1 <= t2 IMPLIES
      process_time(sch, t1, t2 +1, j) =
        IF active(sch, j, t2) THEN 1 + process_time(sch, t1, t2, j) ELSE process_time(sch, t1, t2, j) ENDIF

%--------------------------------------------------
% Schedule constructed from act(j, t) predicate
%--------------------------------------------------
% act ranges over predicates that hold for at most one job at any
% instant (the subtype constraint below). That constraint is what makes
% the epsilon choice in sched determinate whenever some job satisfies
% act at t, and it is what schedule_from_act1 relies on.
act: VAR { p: [job, nat -> bool] | FORALL j, k, t: p(j, t) AND p(k, t) => j = k }

% The schedule runs the job selected by act at t, or is idle (bottom)
% when act selects none.
sched(act): schedule =
    lambda t: IF EXISTS j: act(j, t) THEN up(epsilon! j: act(j, t)) ELSE bottom ENDIF

schedule_from_act1: LEMMA active(sched(act), j, t) IFF act(j, t)

schedule_from_act2: LEMMA idle(sched(act), t) IFF NOT EXISTS j: act(j, t)

END schedules
$$$schedules.prf
(|schedules|
 (|unique_active| "" (EXPAND "active") (("" (SKOSIMP) (("" (ASSERT) (("" (CASE "down(up(j!1)) = k!1") (("1" (ASSERT) NIL NIL) ("2" (REPLACE*) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)
 (|idle_equiv| "" (GRIND) (("" (INST + "down(sch!1(t!1))") (("" (REWRITE "lift_up_eta[job]") NIL NIL)) NIL)) NIL)
 (|total_cpu| "" (EXPAND* "process_time" "idle_time" "fullset") (("" (SKOSIMP) (("" (CASE-REPLACE "{ x | up?(x) } = complement(bottom?)") (("1" (REWRITE "sum_complement") (("1" (ASSERT) NIL NIL)) NIL) ("2" (DELETE 2) (("2" (AUTO-REWRITE "complement" "member") (("2" (APPLY-EXTENSIONALITY :HIDE? T) (("2" (SMASH) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)
 (|max_idle_time| "" (EXPAND "idle_time") (("" (SKOSIMP) (("" (REWRITE "max_sum") NIL NIL)) NIL)) NIL)
 (|zero_idle_time| "" (EXPAND* "idle_time" "idle") (("" (SKOLEM!) (("" (REWRITE "sum_zero") (("" (APPLY (THEN (SMASH) (SKOSIMP) (INST?) (ASSERT))) NIL NIL)) NIL)) NIL)) NIL)
 (|idle_interval| "" (EXPAND* "idle_time" "idle") (("" (SKOLEM!) (("" (REWRITE "sum_full") (("" (APPLY (THEN (SMASH) (SKOSIMP) (INST?) (ASSERT))) NIL NIL)) NIL)) NIL)) NIL)
 (|split_idle_time| "" (EXPAND "idle_time") (("" (SKOSIMP) (("" (REWRITE "sum_split") NIL NIL)) NIL)) NIL)
 (|increasing_idle_time| "" (EXPAND "idle_time") (("" (SKOSIMP) (("" (REWRITE "sum_increasing") NIL NIL)) NIL)) NIL)
 (|equal_idle_time| "" (EXPAND* "idle_time" "idle") (("" (SKOSIMP) (("" (REWRITE "equal_sums") (("" (APPLY (THEN (SKOSIMP) (INST?) (SMASH))) NIL NIL)) NIL)) NIL)) NIL)
 (|max_process_time| "" (EXPAND "process_time") (("" (SKOSIMP) (("" (REWRITE "max_sum") NIL NIL)) NIL)) NIL)
 (|zero_process_time| "" (EXPAND* "process_time" "active") (("" (SKOLEM!)
(("" (REWRITE "sum_zero") (("" (AUTO-REWRITE "lift_up_eta") (("" (APPLY (THEN (REDUCE :IF-MATCH NIL) (REDUCE))) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|busy_interval| "" (EXPAND* "process_time" "active") (("" (SKOLEM!) (("" (REWRITE "sum_full") (("" (AUTO-REWRITE "lift_up_eta") (("" (APPLY (THEN (REDUCE :IF-MATCH NIL) (REDUCE))) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|split_process_time| "" (EXPAND "process_time") (("" (SKOSIMP) (("" (REWRITE "sum_split") NIL NIL)) NIL)) NIL) (|increasing_process_time| "" (EXPAND "process_time") (("" (SKOSIMP) (("" (REWRITE "sum_increasing") NIL NIL)) NIL)) NIL) (|equal_process_time| "" (EXPAND* "process_time" "active") (("" (SKOSIMP) (("" (REWRITE "equal_sums") (("" (AUTO-REWRITE "lift_up_eta") (("" (DELETE 2) (("" (APPLY (THEN (REDUCE :IF-MATCH NIL) (REDUCE :POLARITY? T))) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_emptyset| "" (SKOLEM!) (("" (AUTO-REWRITE "emptyset" "sum_emptyset" "process_time") (("" (ASSERT) (("" (CASE-REPLACE "{ x | FALSE } = emptyset") (("1" (ASSERT) NIL NIL) ("2" (EXPAND "emptyset") (("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_subset| "" (EXPAND "process_time") (("" (SKOSIMP) (("" (REWRITE "sum_subset") (("" (DELETE 2) (("" (GRIND :REWRITES ("some_or_none_some_eta")) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_partition2| "" (SKOSIMP) (("" (EXPAND "process_time") (("" (REWRITE "sum_partition2") (("" (DELETE 2) (("" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_partition3| "" (SKOSIMP) (("" (EXPAND "process_time") (("" (REWRITE "sum_partition3") (("" (DELETE 2) (("" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_partition4| "" (SKOSIMP) (("" (EXPAND "process_time") (("" (REWRITE "sum_partition4") (("" (DELETE 2) (("" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? 
T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|total_cpu2| "" (EXPAND* "process_time" "idle_time") (("" (SKOSIMP) (("" (USE "total_cpu") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|process_time_equiv1| "" (EXPAND "process_time" 1 2) (("" (EXPAND "process_time" 1 3) (("" (SKOSIMP) (("" (USE "split_process_time" ("t1" "0" "t2" "t1!1" "t3" "t2!1")) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_equiv2| "" (EXPAND "process_time") (("" (SKOSIMP) (("" (REWRITE "process_time_equiv1") NIL NIL)) NIL)) NIL) (|idle_time_equiv| "" (EXPAND "idle_time" 1 2) (("" (EXPAND "idle_time" 1 3) (("" (SKOSIMP) (("" (USE "split_idle_time" ("t1" "0")) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|process_time_init| "" (GRIND) NIL NIL) (|process_time_step| "" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? T) NIL NIL)) NIL) (|process_time_init2| "" (GRIND) NIL NIL) (|process_time_step2| "" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? T) NIL NIL)) NIL) (|sched_TCC1| "" (EXISTENCE-TCC) NIL NIL) (|schedule_from_act1| "" (SKOLEM-TYPEPRED) (("" (EXPAND* "sched" "active") (("" (CASE "EXISTS j: true") (("1" (SMASH) (("1" (USE "epsilon_ax[job]") (("1" (GROUND) (("1" (CASE "down(up(epsilon! (j: job): act!1(j, t!1))) = j!1") (("1" (ASSERT) NIL NIL) ("2" (REPLACE*) (("2" (ASSERT) NIL NIL)) NIL) ("3" (PROPAX) NIL NIL)) NIL)) NIL)) NIL) ("2" (USE "epsilon_ax[job]") (("2" (GROUND) (("2" (INST - "j!1" "epsilon! j: act!1(j, t!1)" "t!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (INST? +) NIL NIL)) NIL) ("2" (INST + "j!1") NIL NIL)) NIL)) NIL)) NIL) (|schedule_from_act2| "" (EXPAND* "idle" "sched") (("" (SKOLEM!) 
(("" (SMASH) NIL NIL)) NIL)) NIL))
$$$precedence.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%
%   order between jobs   %
%%%%%%%%%%%%%%%%%%%%%%%%%%
% Parameters: a job type, a priority for each job and a dispatch time
% for each job. The theory defines which of two jobs goes first and
% picks a first job out of any non-empty set.
precedence [ (IMPORTING basic_types) job: TYPE, prio: [job -> priority], dispatch: [job -> nat] ] : THEORY
BEGIN

j, k: VAR job
A: VAR (nonempty?[job])

% j precedes k when j has the strictly larger priority value, or when
% the priorities are equal and j was dispatched no later than k.
% Because the tie-break uses <=, two distinct jobs with the same
% priority and the same dispatch time each precede the other.
precedes(j, k): bool =
    prio(j) > prio(k) OR prio(j) = prio(k) AND dispatch(j) <= dispatch(k)

% Every non-empty set of jobs contains a job that precedes all members.
topjob_exists: LEMMA EXISTS (j: (A)): FORALL (k: (A)): precedes(j, k)

% top(A) is declared by its type only (no defining expression): some
% member of A that precedes every member of A. The type is shown to be
% inhabited by the top_TCC1 proof, which uses an epsilon choice.
top(A): { j | A(j) AND FORALL (k: (A)): precedes(j, k) }

topjob_maxprio: LEMMA FORALL (k: (A)): prio(k) <= prio(top(A))

topjob_dispatch: LEMMA
    FORALL (k: (A)): prio(k) = prio(top(A)) IMPLIES dispatch(top(A)) <= dispatch(k)

END precedence
$$$precedence.prf
(|precedence| (|topjob_exists| "" (LEMMA "wf_nat") (("" (EXPAND "well_founded?") (("" (SKOSIMP*) (("" (INST-CP - "{ n:nat | EXISTS j: A!1(j) AND prio(j) = maxprio - n }") (("" (GROUND) (("1" (SKOSIMP* :PREDS? T) (("1" (INST -4 "{ t:nat | EXISTS j: A!1(j) AND prio(j) = maxprio - y!1 AND dispatch(j) = t }") (("1" (GROUND) (("1" (SKOSIMP* :PREDS? T) (("1" (EXPAND "precedes") (("1" (INST + "j!2") (("1" (SKOSIMP) (("1" (ASSERT) (("1" (CASE "prio(j!2) = prio(k!1)") (("1" (ASSERT) (("1" (INST - "dispatch(k!1)") (("1" (ASSERT) NIL NIL) ("2" (INST + "k!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (DELETE 3) (("2" (INST -7 "maxprio - prio(k!1)") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (INST + "k!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST + "dispatch(j!1)") (("2" (DELETE 2) (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (DELETE -1 2) (("2" (TYPEPRED "A!1") (("2" (GRIND :IF-MATCH NIL) (("2" (INST + "maxprio - prio(x!1)") (("1" (INST?) (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|top_TCC1| "" (INST + "lambda A: epsilon! (j: (A)): FORALL (k: (A)): precedes(j, k)") (("1" (SKOLEM!)
(("1" (USE "epsilon_ax[(A!1)]") (("1" (GROUND) (("1" (REWRITE "topjob_exists") NIL NIL)) NIL) ("2" (DELETE 2) (("2" (TYPEPRED "A!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) (|topjob_maxprio| "" (SKOLEM!) (("" (TYPEPRED "top(A!1)") (("" (GRIND) NIL NIL)) NIL)) NIL) (|topjob_dispatch| "" (SKOLEM!) (("" (TYPEPRED "top(A!1)") (("" (GRIND) NIL NIL)) NIL)) NIL))
$$$priority_ceiling.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Priority ceiling scheduler   %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% State-machine model of a scheduler in which access to semaphores is
% governed by priority ceilings. Parameters: the job type, and for each
% job its priority, dispatch time and program.
priority_ceiling [ (IMPORTING programs) job: TYPE, prio: [job -> priority], dispatch: [job -> nat], prog: [job -> prog] ] : THEORY
BEGIN

% Everything proved in this theory is conditional on the two assumptions
% below; they become proof obligations wherever the theory is
% instantiated. A task set in which some job uses a semaphore whose
% ceiling is below the job's own priority is outside the model.
ASSUMING

j: VAR job
s: VAR semaphore

% Every semaphore that appears in a job's program has a ceiling at least
% as high as that job's priority.
good_ceiling: ASSUMPTION
    member(s, resources(prog(j))) IMPLIES prio(j) <= ceil(s)

% well_behaved comes from the imported programs theory.
% NOTE(review): presumably it constrains how P/V operations are paired
% within a program -- confirm against programs.pvs.
good_programs: ASSUMPTION well_behaved(prog(j))

ENDASSUMING

j1, j2, k: VAR job
p: VAR priority
n, m, t, t1, t2: VAR nat
cmd: VAR command

IMPORTING precedence[job, prio, dispatch]

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Resource management state:                         %
%   - for each job j:                                 %
%     alloc(j) = set of semaphores held by j          %
%     request(j) = set of semaphores j is waiting for %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
rsrc_state: TYPE = [# alloc, request: [job -> rsrc_set] #]

r, r1, r2: VAR rsrc_state

%------------------------------------------------------------------
% Blocking rules:
% - a blocker of j is a job that owns an s of ceiling >= prio(j)
% - j is blocked if it has pending requests and blockers
%------------------------------------------------------------------
% blk depends only on what other jobs currently hold and on prio(j); it
% does not depend on which semaphore j is asking for.
blk(r, j): set[job] =
    { k | k /= j AND EXISTS s: member(s, r`alloc(k)) AND ceil(s) >= prio(j) }

blocked(r, j): bool = not empty?(blk(r, j)) AND not empty?(r`request(j))

%---------------------------------------------------
% Allocation request: P(s) by j
% - allocates s to j if j has no blocker
% - otherwise s is recorded as a pending request
%   (and j becomes blocked)
%---------------------------------------------------
% The only test made here is that j has no blocker. There is no explicit
% check that s is free: exclusive ownership is not enforced by this
% function but is obtained later as a consequence of the invariants
% (see mutual_exclusion).
alloc_step(r, j, s): rsrc_state =
    IF empty?(blk(r, j))
    THEN r WITH [ `alloc(j) := add(s, r`alloc(j)) ]
    ELSE r WITH [ `request(j) := add(s, r`request(j)) ]
    ENDIF

%-------------------------------------------------
% Release request: V(s) by j
% - removes s from alloc(j)
%   (no effect if j does not own s)
%-------------------------------------------------
release_step(r, j, s): rsrc_state = r WITH [ `alloc(j) := remove(s, r`alloc(j)) ]

%---------------------------------------------
% Wakeup(r, j): grant j's pending requests
%---------------------------------------------
% All pending requests of j move to alloc(j) at once and unconditionally;
% blockers are not re-examined here. Lemma wakeup_P2 covers the case
% where j is not blocked.
wakeup(r, j): rsrc_state =
    r WITH [ `alloc(j) := union(r`alloc(j), r`request(j)), `request(j) := emptyset ]

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Scheduler state:                         %
%   - rsrc: resource state                  %
%   - for each job j:                       %
%     pc(j) = program counter for job j     %
%   - time: global time counter             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% The pc field is dependently typed: the counter of job j ranges over
% pc(prog(j)), a type taken from the programs theory.
sch_state: TYPE = [# rsrc: rsrc_state, pc: [j:job -> pc(prog(j))], time: nat #]

q, q1, q2: VAR sch_state

%--------------------------------------------------------------------
% Selection of active job in state q:
% - finished(q, j): job j is completed
% - ready(q, j)   : j is ready to execute
% - topjob(q, j)  : j has highest precedence among the ready jobs
% - eligible(q, j): j can be active in state q
%   ==> either j is a topjob and is not blocked
%       or j is blocking a topjob k
%--------------------------------------------------------------------
finished(q, j): bool = complete(prog(j), q`pc(j))

% A job is ready from its dispatch time until its program completes.
ready(q, j): bool = dispatch(j) <= q`time AND not finished(q, j)

topjob(q, j): bool = ready(q, j) AND (FORALL k: ready(q, k) IMPLIES precedes(j, k))

% The second disjunct is what lets a job run in place of a blocked
% top job: a job that blocks the top job may be selected instead.
% Nothing in this definition requires such a blocker to be ready; that
% is established separately for good states (eligible_ready).
eligible(q, j): bool =
    topjob(q, j) AND not blocked(q`rsrc, j)
    OR (EXISTS k: topjob(q, k) AND blocked(q`rsrc, k) AND member(j, blk(q`rsrc, k)))

%---------------------------------------------------
% Execution of a step by job j (requires j ready)
% - update rsrc state
% - increment j's pc
% - increment time counter
%---------------------------------------------------
% Every command first grants j's pending requests (wakeup), then applies
% the effect of the command itself: P(s) requests s, V(s) releases s,
% Step leaves the resource state as wakeup produced it.
run_step(r, j, cmd): rsrc_state =
    CASES cmd OF
      P(s): alloc_step(wakeup(r, j), j, s),
      V(s): release_step(wakeup(r, j), j, s),
      Step: wakeup(r, j)
    ENDCASES

% The type of the second argument only demands that j be ready. The
% stronger condition -- j eligible -- is imposed by the transition
% relation T, not here.
step(q, (j | ready(q, j))): sch_state =
    (# rsrc := run_step(q`rsrc, j, cmd(prog(j), q`pc(j))),
       pc := q`pc WITH [(j) := q`pc(j) + 1],
       time := q`time +1 #)

%-----------------------------
% idle_step: no job active
%-----------------------------
idle(q): bool = not EXISTS j: eligible(q, j)

% An idle step changes nothing but the clock.
idle_step(q): sch_state = q WITH [time := q`time + 1]

%------------------------------
% Existence of eligible jobs
%------------------------------
topjob_maxprio: LEMMA topjob(q, j) AND ready(q, k) IMPLIES prio(k) <= prio(j)

topjob_dispatch: LEMMA
    topjob(q, j) AND ready(q, k) AND prio(k) = prio(j) IMPLIES dispatch(j) <= dispatch(k)

topjob_exists: LEMMA (EXISTS j: ready(q, j)) IMPLIES (EXISTS j: topjob(q, j))

% Progress: whenever some job is ready, some job can be run.
eligible_exists: LEMMA (EXISTS j: ready(q, j)) IMPLIES (EXISTS j: eligible(q, j))

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Invariant for type correctness         %
%  ensures that eligible jobs are ready   %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Two conjuncts:
%  - for every job, the semaphores it holds or waits for are exactly
%    needs(prog(j), q`pc(j)), a function of its program and counter
%    defined in the programs theory;
%  - a job whose dispatch time has not passed (q`time <= dispatch(j)) is
%    still at program counter 0.
P(q): bool =
    (FORALL j: union(q`rsrc`alloc(j), q`rsrc`request(j)) = needs(prog(j), q`pc(j)))
    AND (FORALL j: q`time <= dispatch(j) IMPLIES q`pc(j) = 0)

%-------------------
% Invariance of P
%-------------------
% The first three lemmas describe the effect of each resource operation
% on union(alloc(k), request(k)), the quantity that P constrains.
alloc_P: LEMMA
    union(alloc_step(r, j, s)`alloc(k), alloc_step(r, j, s)`request(k)) =
      IF j=k THEN add(s, union(r`alloc(k), r`request(k))) ELSE union(r`alloc(k), r`request(k)) ENDIF

wakeup_P: LEMMA
    union(wakeup(r, j)`alloc(k), wakeup(r, j)`request(k)) = union(r`alloc(k), r`request(k))

release_P: LEMMA
    union(release_step(r, j, s)`alloc(k), release_step(r, j, s)`request(k)) =
      IF j=k THEN union(remove(s, r`alloc(k)), r`request(k)) ELSE union(r`alloc(k), r`request(k)) ENDIF

% P is preserved by a step of any ready job and by an idle step.
step_P: LEMMA P(q) AND ready(q, j) IMPLIES P(step(q, j))

idle_P: LEMMA P(q) IMPLIES P(idle_step(q))

%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Good states: satisfy P  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% good_state is the subtype of scheduler states that satisfy P; the
% remaining results are stated over it.
good_state: NONEMPTY_TYPE = (P)

g, g1, g2: VAR good_state

%----------------------------------------------------
% Any job eligible in a good state is ready
%----------------------------------------------------
good_prop: LEMMA
    needs(prog(j), g`pc(j)) = union(g`rsrc`alloc(j), g`rsrc`request(j))

% A job that is not ready, or not yet dispatched, neither holds nor
% waits for any semaphore.
alloc_not_ready: LEMMA not ready(g, j) IMPLIES empty?(g`rsrc`alloc(j))

alloc_before_dispatch: LEMMA g`time <= dispatch(j) IMPLIES empty?(g`rsrc`alloc(j))

request_not_ready: LEMMA not ready(g, j) IMPLIES empty?(g`rsrc`request(j))

request_before_dispatch: LEMMA g`time <= dispatch(j) IMPLIES empty?(g`rsrc`request(j))

eligible_ready: LEMMA eligible(g, j) IMPLIES ready(g, j)

%-------------------------------------------
% Ceiling of allocated/requested resource
% is higher than job priority
%-------------------------------------------
% In a good state a job only holds or requests semaphores that occur in
% its own program, so the good_ceiling assumption applies to them.
alloc_prop1: LEMMA subset?(g`rsrc`alloc(j), resources(prog(j)))

ceiling_prop1: LEMMA member(s, g`rsrc`alloc(j)) IMPLIES prio(j) <= ceil(s)

alloc_prop2: LEMMA subset?(g`rsrc`request(j), resources(prog(j)))

ceiling_prop2: LEMMA member(s, g`rsrc`request(j)) IMPLIES prio(j) <= ceil(s)

% In a good state the scheduler idles only when no job is ready.
idle_equiv: LEMMA idle(g) IFF not EXISTS j: ready(g, j)

% A blocker of any job j1 never outranks the current top job: its
% priority is no higher, and at equal priority it was dispatched no
% earlier.
prio_blocker: LEMMA
    topjob(g, j) AND member(k, blk(g`rsrc, j1)) IMPLIES prio(k) <= prio(j)

dispatch_blocker: LEMMA
    topjob(g, j) AND member(k, blk(g`rsrc, j1)) AND prio(k) = prio(j)
      IMPLIES dispatch(j) <= dispatch(k)

%%%%%%%%%%%%%%%%%%%%%%%%%%
%   Transition system    %
%%%%%%%%%%%%%%%%%%%%%%%%%%

%------------------
% initial state
%------------------
% Nothing allocated, nothing requested, every counter at 0, clock at 0.
init_rsrc: rsrc_state = (# alloc := lambda j: emptyset, request := lambda j: emptyset #)

init_sch: good_state = (# rsrc := init_rsrc, pc := lambda j: 0, time := 0 #)

%------------------------
% transition relation
%------------------------
% Either the state is idle and only the clock advances, or some eligible
% job executes one step. The choice among eligible jobs is left open.
T(g1, g2): bool =
    (idle(g1) AND g2 = idle_step(g1))
    OR (EXISTS j: eligible(g1, j) AND g2 = step(g1, j))

%------------------------------------------------------
% - transitions increment time
% - jobs ready after a transition were ready before
%   unless they've just been dispatched
%------------------------------------------------------
time_step: LEMMA T(g1, g2) IMPLIES g2`time = 1 + g1`time

readiness_step: LEMMA
    T(g1, g2) AND ready(g2, j) AND dispatch(j) <= g1`time IMPLIES ready(g1, j)

%%%%%%%%%%%%%%%%%%%%%
%  Main Invariants  %
%%%%%%%%%%%%%%%%%%%%%
% P2: if j holds a semaphore s, then any other job k whose priority lies
%     between prio(j) and ceil(s) (inclusive) holds nothing.
P2(r): bool =
    FORALL j, k, s:
      member(s, r`alloc(j)) AND prio(j) <= prio(k) AND prio(k) <= ceil(s) AND j /= k
        IMPLIES empty?(r`alloc(k))

% P3: a held semaphore has a ceiling at least as high as its holder's
%     priority.
P3(r): bool = FORALL j, s: member(s, r`alloc(j)) IMPLIES prio(j) <= ceil(s)

% Q: while j is ready, a job k of priority no higher than j's that is
%    dispatched strictly after j holds nothing.
Q(g): bool =
    FORALL j, k:
      ready(g, j) AND prio(k) <= prio(j) AND dispatch(j) < dispatch(k)
        IMPLIES empty?(g`rsrc`alloc(k))

%-------------------
% Invariance of Q
%-------------------
init_Q: LEMMA Q(init_sch)

step_Q: LEMMA Q(g1) AND T(g1, g2) IMPLIES Q(g2)

%-------------------------
% Induction step for P2
%-------------------------
% One lemma per resource operation. Note that the wakeup case needs the
% extra hypothesis that j is not blocked.
alloc_P2: LEMMA P3(r) AND P2(r) IMPLIES P2(alloc_step(r, j, s))

wakeup_P2: LEMMA P3(r) AND P2(r) AND not blocked(r, j) IMPLIES P2(wakeup(r, j))

release_P2: LEMMA P2(r) IMPLIES P2(release_step(r, j, s))

%---------------------------------
% Auxiliary results:
% - blocking is intransitive
% - P3 holds in good states
% - eligible job is not blocked
%---------------------------------
intransitive_blocking: LEMMA
    P2(r) AND member(j1, blk(r, k)) AND prio(j2) <= prio(k)
      IMPLIES NOT member(j2, blk(r, j1))

invar_P2_aux: LEMMA P3(g`rsrc)

invar_P2_aux2: LEMMA P3(wakeup(g`rsrc, j))

% This is the fact that discharges the "not blocked" hypothesis of
% wakeup_P2 for the jobs that T actually runs.
step_P2_aux: LEMMA P2(g`rsrc) AND eligible(g, j) IMPLIES not blocked(g`rsrc, j)

%--------------------
% Invariance of P2
%--------------------
init_P2: LEMMA P2(init_rsrc)

step_P2: LEMMA P2(g1`rsrc) AND T(g1, g2) IMPLIES P2(g2`rsrc)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Consequences of P2 and Q  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%--------------------
% Mutual exclusion
%---------------------
% No semaphore is held by two different jobs. This is derived from the
% invariants P2 and P3 rather than checked at allocation time.
mutual_exclusion: LEMMA
    P2(r) AND P3(r) AND j /= k IMPLIES disjoint?(r`alloc(j), r`alloc(k))
%------------------------------------------------------------- % Job of lower priority than j that can run when j is ready %------------------------------------------------------------- blockers(r, j): set[job] = { k | member(k, blk(r, j)) AND prio(k) < prio(j) } unique_blocker: LEMMA P2(r) AND member(j1, blockers(r, k)) AND member(j2, blockers(r, k)) IMPLIES j1 = j2 blockers_in_cs: LEMMA member(k, blockers(g`rsrc, j)) IMPLIES cs(prog(k), g`pc(k), prio(j)) eligible_prio: LEMMA Q(g) AND ready(g, j) AND eligible(g, k) IMPLIES precedes(k, j) OR member(k, blockers(g`rsrc, j)) blockers_step: LEMMA Q(g1) AND ready(g1, j) AND T(g1, g2) IMPLIES subset?(blockers(g2`rsrc, j), blockers(g1`rsrc, j)) %---------------------------------------------------------------------------- % blockers(r, p): jobs of priority < p that hold a semaphore s with ceil(s) >= p %---------------------------------------------------------------------------- blockers(r, p): set[job] = { k | prio(k) < p AND EXISTS s: member(s, r`alloc(k)) AND ceil(s) >= p } unique_blocker2: LEMMA P2(r) AND member(j1, blockers(r, p)) AND member(j2, blockers(r, p)) IMPLIES j1 = j2 blockers_in_cs2: LEMMA member(k, blockers(g`rsrc, p)) IMPLIES cs(prog(k), g`pc(k), p) eligible_prio2: LEMMA (EXISTS j: prio(j) >= p AND ready(g, j)) AND eligible(g, k) IMPLIES prio(k) >= p OR member(k, blockers(g`rsrc, p)) blockers_step2: LEMMA (EXISTS j: prio(j) >= p AND ready(g1, j)) AND T(g1, g2) IMPLIES subset?(blockers(g2`rsrc, p), blockers(g1`rsrc, p)) END priority_ceiling $$$priority_ceiling.prf (|priority_ceiling| (|step_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|step_TCC2| "" (SUBTYPE-TCC) NIL NIL) (|topjob_maxprio| "" (GRIND :EXCLUDE "ready") NIL NIL) (|topjob_dispatch| "" (GRIND :EXCLUDE "ready") NIL NIL) (|topjob_exists| "" (SKOSIMP) (("" (USE "precedence[job,prio,dispatch].topjob_exists" ("A" "{ j | ready(q!1, j) }")) (("1" (DELETE -2) (("1" (GRIND :DEFS NIL :REWRITES ("topjob") :POLARITY? T) NIL NIL)) NIL) ("2" (DELETE 2) (("2" (GRIND :EXCLUDE ("ready")) NIL NIL)) NIL)) NIL)) NIL) (|eligible_exists| "" (SKOSIMP) (("" (FORWARD-CHAIN "topjob_exists") (("" (DELETE -2) (("" (SKOLEM!) (("" (CASE "blocked(q!1`rsrc, j!1)") (("1" (ASSERT) (("1" (EXPAND* "blocked" "empty?") (("1" (SKOSIMP*) (("1" (INST + "x!1") (("1" (EXPAND "eligible") (("1" (FLATTEN) (("1" (INST?) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST?) (("2" (EXPAND "eligible") (("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|alloc_P| "" (SKOLEM!) (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (GRIND) NIL NIL)) NIL)) NIL) (|wakeup_P| "" (SKOLEM!) (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (GRIND) NIL NIL)) NIL)) NIL) (|release_P| "" (SKOLEM!) (("" (APPLY-EXTENSIONALITY :HIDE?
T) (("" (GRIND) NIL NIL)) NIL)) NIL) (|step_P| "" (EXPAND "P") (("" (SKOSIMP) (("" (SPLIT) (("1" (DELETE -2) (("1" (AUTO-REWRITE "alloc_P" "wakeup_P" "release_P" "needs" ("step" "run_step")) (("1" (SKOSIMP) (("1" (INST - "j!2") (("1" (SMASH) (("1" (REPLACE*) (("1" (REPLACE -3 + RL) (("1" (DELETE -1 -2 -3 1) (("1" (APPLY-EXTENSIONALITY :HIDE? T) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (DELETE -1) (("2" (GRIND :EXCLUDE ("finished" "run_step") :IF-MATCH NIL) (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|idle_P| "" (GRIND :EXCLUDE ("union" "needs")) NIL NIL) (|good_state_TCC1| "" (INST + "(# rsrc:= (# alloc:= lambda j: emptyset, request:= lambda j: emptyset #), pc:= lambda j: 0, time := 0 #)") (("1" (GRIND) (("1" (APPLY-EXTENSIONALITY :HIDE? T) NIL NIL)) NIL) ("2" (SKOLEM!) (("2" (ASSERT) NIL NIL)) NIL)) NIL) (|good_prop| "" (AUTO-REWRITE "P") (("" (REDUCE) NIL NIL)) NIL) (|alloc_not_ready| "" (GRIND :IF-MATCH NIL) (("1" (INST?) (("1" (USE "good_programs") (("1" (EXPAND "well_behaved") (("1" (REPLACE*) (("1" (REPLACE -2 - RL) (("1" (DELETE -2 -3 -4) (("1" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST?) (("2" (INST?) (("2" (ASSERT) (("2" (REPLACE*) (("2" (ASSERT) (("2" (REWRITE "emptyset_is_empty?" :DIR RL) (("2" (DELETE -2 1) (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|alloc_before_dispatch| "" (GRIND) (("" (REWRITE "emptyset_is_empty?[semaphore]" :DIR RL) (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|request_not_ready| "" (GRIND :IF-MATCH NIL) (("1" (INST?) (("1" (USE "good_programs") (("1" (EXPAND "well_behaved") (("1" (REPLACE*) (("1" (REPLACE -2 - RL) (("1" (DELETE -2 -3 -4) (("1" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST?) (("2" (INST?) (("2" (ASSERT) (("2" (REPLACE*) (("2" (ASSERT) (("2" (REWRITE "emptyset_is_empty?" 
:DIR RL) (("2" (DELETE -2 1) (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|request_before_dispatch| "" (GRIND) (("" (REWRITE "emptyset_is_empty?[semaphore]" :DIR RL) (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|eligible_ready| "" (EXPAND "eligible") (("" (REDUCE) (("1" (FORWARD-CHAIN "alloc_not_ready") (("1" (DELETE -2 -3 -4 1) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (EXPAND "topjob") (("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL) (|alloc_prop1| "" (SKOSIMP :PREDS? T) (("" (EXPAND "P") (("" (GROUND) (("" (INST?) (("" (USE "rsrc_needs4") (("" (REPLACE -2 - RL) (("" (DELETE -2 -3) (("" (GRIND :EXCLUDE ("resources")) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|ceiling_prop1| "" (SKOSIMP) (("" (REWRITE "good_ceiling") (("" (USE "alloc_prop1") (("" (GRIND :EXCLUDE "resources") NIL NIL)) NIL)) NIL)) NIL) (|alloc_prop2| "" (SKOSIMP :PREDS? T) (("" (EXPAND "P") (("" (GROUND) (("" (INST?) (("" (USE "rsrc_needs4") (("" (REPLACE -2 - RL) (("" (DELETE -2 -3) (("" (GRIND :EXCLUDE ("resources")) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|ceiling_prop2| "" (SKOSIMP) (("" (REWRITE "good_ceiling") (("" (USE "alloc_prop2") (("" (GRIND :EXCLUDE "resources") NIL NIL)) NIL)) NIL)) NIL) (|idle_equiv| "" (EXPAND "idle") (("" (SKOLEM!) (("" (GROUND) (("1" (REWRITE "eligible_exists") NIL NIL) ("2" (SKOLEM!) (("2" (INST?) (("2" (USE "eligible_ready") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|prio_blocker| "" (SKOSIMP) (("" (USE "topjob_maxprio") (("" (ASSERT) (("" (FORWARD-CHAIN "alloc_not_ready") (("" (DELETE -2 1 2) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|dispatch_blocker| "" (SKOSIMP) (("" (USE "topjob_dispatch") (("" (ASSERT) (("" (FORWARD-CHAIN "alloc_not_ready") (("" (DELETE -2 -4 1 2) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|init_sch_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|init_sch_TCC2| "" (GRIND) (("" (APPLY-EXTENSIONALITY :HIDE? 
T) NIL NIL)) NIL) (T_TCC1 "" (SKOSIMP*) (("" (DELETE 1) (("" (FORWARD-CHAIN "eligible_ready") NIL NIL)) NIL)) NIL) (|time_step| "" (GRIND :EXCLUDE ("eligible" "run_step")) NIL NIL) (|readiness_step| "" (SKOSIMP) (("" (EXPAND "T") (("" (REDUCE) (("1" (EXPAND* "idle_step" "ready" "finished") NIL NIL) ("2" (CASE-REPLACE "j!1 = j!2") (("1" (FORWARD-CHAIN "eligible_ready") NIL NIL) ("2" (ASSERT) (("2" (EXPAND* "step" "ready" "finished" "complete") NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|init_Q| "" (GRIND) NIL NIL) (|step_Q| "" (EXPAND "Q") (("" (SKOSIMP*) (("" (USE "readiness_step" ("g1" "g1!1" "g2" "g2!1")) (("" (GROUND) (("1" (INST?) (("1" (ASSERT) (("1" (AUTO-REWRITE "idle_equiv" "T") (("1" (REDUCE) (("1" (DELETE -4 -5) (("1" (CASE-REPLACE "j!2 = k!1") (("1" (ASSERT) (("1" (DELETE +) (("1" (EXPAND "eligible") (("1" (REDUCE) (("1" (DELETE -1 -2 -4 -5 -7 -8) (("1" (GRIND) NIL NIL)) NIL) ("2" (EXPAND* "topjob" "precedes") (("2" (GROUND) (("2" (INST - "j!1") (("2" (GROUND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND :EXCLUDE ("eligible")) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (FORWARD-CHAIN "time_step") (("2" (REWRITE "alloc_not_ready") (("2" (EXPAND "ready") (("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|alloc_P2| "" (GRIND :IF-MATCH NIL :EXCLUDE "empty?") (("1" (DELETE -2) (("1" (EXPAND "empty?") (("1" (SKOLEM!) (("1" (INST - "k!1" "x!1") (("1" (INST - "k!1") (("1" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST - "j!2" "k!1" "s!2") (("2" (ASSERT) NIL NIL)) NIL) ("3" (DELETE -1 -2 3) (("3" (EXPAND "empty?") (("3" (INST - "j!2") (("3" (REDUCE) NIL NIL)) NIL)) NIL)) NIL) ("4" (INST - "j!2" "k!1" "s!2") (("4" (ASSERT) NIL NIL)) NIL)) NIL) (|wakeup_P2| "" (GRIND :IF-MATCH NIL :EXCLUDE "empty?") (("1" (INST - "j!2" "k!1" "s!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (DELETE -2 -4 -5 -7) (("2" (EXPAND "empty?") (("2" (SKOLEM!) 
(("2" (INST - "k!1" "x!1") (("2" (INST - "k!1") (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (DELETE -1 -2 3) (("3" (EXPAND "empty?") (("3" (INST - "j!2") (("3" (REDUCE) NIL NIL)) NIL)) NIL)) NIL) ("4" (INST - "j!2" "k!1" "s!1") (("4" (ASSERT) NIL NIL)) NIL) ("5" (INST - "j!2" "k!1" "s!1") (("5" (ASSERT) NIL NIL)) NIL) ("6" (DELETE -1 -2 -4 -6 -7 1 2) (("6" (EXPAND "empty?") (("6" (REDUCE) NIL NIL)) NIL)) NIL) ("7" (INST - "j!2" "k!1" "s!1") (("7" (ASSERT) (("7" (DELETE -1 -4 -5 -6 -7 1 2) (("7" (EXPAND "empty?") (("7" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("8" (INST - "j!2" "k!1" "s!1") (("8" (ASSERT) NIL NIL)) NIL)) NIL) (|release_P2| "" (GRIND :IF-MATCH NIL :EXCLUDE ("empty?")) (("1" (INST - "j!2" "k!1" "s!2") (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST - "j!2" "k!1" "s!2") (("2" (ASSERT) (("2" (DELETE -2 -3 -4 -5 1 2) (("2" (EXPAND "empty?") (("2" (SKOLEM!) (("2" (ASSERT) (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (INST - "j!2" "k!1" "s!2") (("3" (ASSERT) NIL NIL)) NIL)) NIL) (|intransitive_blocking| "" (GRIND :IF-MATCH NIL) (("" (CASE "prio(j1!1) <= prio(j2!1)") (("1" (INST - "j1!1" "j2!1" "s!1") (("1" (ASSERT) (("1" (INST?) NIL NIL)) NIL)) NIL) ("2" (INST - "j2!1" "j1!1" "s!2") (("2" (ASSERT) (("2" (INST?) 
NIL NIL)) NIL)) NIL)) NIL)) NIL) (|invar_P2_aux| "" (EXPAND "P3") (("" (SKOSIMP*) (("" (FORWARD-CHAIN "ceiling_prop1") NIL NIL)) NIL)) NIL) (|invar_P2_aux2| "" (SKOLEM-TYPEPRED) (("" (USE "invar_P2_aux" ("g" "g!1 WITH [rsrc := wakeup(g!1`rsrc, j!1)]")) (("" (DELETE 2) (("" (EXPAND "P") (("" (GROUND) (("" (DELETE -2) (("" (AUTO-REWRITE "wakeup_P") (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|step_P2_aux| "" (EXPAND "eligible") (("" (REDUCE) (("" (DELETE -4) (("" (EXPAND* "blocked" "empty?") (("" (REDUCE) (("" (USE "intransitive_blocking" ("j1" "j!1")) (("" (ASSERT) (("" (DELETE -4) (("" (FORWARD-CHAIN "prio_blocker") NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|init_P2| "" (GRIND) NIL NIL) (|step_P2| "" (AUTO-REWRITE "idle_step" "alloc_P2" "wakeup_P2" "release_P2" "step_P2_aux" "invar_P2_aux" "invar_P2_aux2" ("step" "run_step" "T")) (("" (REDUCE) NIL NIL)) NIL) (|mutual_exclusion| "" (GRIND :IF-MATCH NIL) (("" (INST? -2 :IF-MATCH ALL) (("" (ASSERT) (("" (INST-CP - "j!1" "k!1" "x!1") (("" (INST - "k!1" "j!1" "x!1") (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|unique_blocker| "" (GRIND :IF-MATCH NIL) (("" (CASE "prio(j1!1) <= prio(j2!1)") (("1" (INST - "j1!1" "j2!1" "s!1") (("1" (ASSERT) (("1" (INST?) NIL NIL)) NIL)) NIL) ("2" (INST - "j2!1" "j1!1" "s!2") (("2" (ASSERT) (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|blockers_in_cs| "" (SKOSIMP) (("" (GRIND :EXCLUDE ("needs") :REWRITES ("good_prop")) NIL NIL)) NIL) (|eligible_prio| "" (SKOSIMP) (("" (CASE "topjob(g!1, k!1)") (("1" (ASSERT) (("1" (EXPAND* "topjob" "precedes") (("1" (FLATTEN) (("1" (INST?) 
(("1" (GROUND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (EXPAND "eligible") (("2" (SKOSIMP) (("2" (DELETE 1) (("2" (CASE "prio(j!1) = prio(k!1)") (("1" (ASSERT) (("1" (EXPAND "Q") (("1" (INST - "j!1" "k!1") (("1" (ASSERT) (("1" (EXPAND "precedes") (("1" (DELETE -1 -3 -4 -5 2) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (FORWARD-CHAIN "topjob_maxprio") (("2" (DELETE -2 -3 -4 -5) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|blockers_step| "" (SKOSIMP) (("" (EXPAND* "T" "subset?") (("" (REDUCE) (("1" (EXPAND "idle_step") (("1" (PROPAX) NIL NIL)) NIL) ("2" (DELETE -4) (("2" (CASE-REPLACE "j!2 = x!1") (("1" (CASE "prio(j!1) <= prio(x!1)") (("1" (ASSERT) (("1" (DELETE -2 -3 -4 -5 1) (("1" (GRIND :EXCLUDE ("blk" "step")) NIL NIL)) NIL)) NIL) ("2" (FORWARD-CHAIN "eligible_prio") (("2" (EXPAND "precedes") (("2" (GROUND) NIL NIL)) NIL)) NIL)) NIL) ("2" (FORWARD-CHAIN "eligible_ready") (("2" (ASSERT) (("2" (DELETE -1 -2 -3 -4) (("2" (EXPAND* "member" "blockers") (("2" (GROUND) (("2" (DELETE -2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|unique_blocker2| "" (GRIND :IF-MATCH NIL) (("" (CASE "prio(j1!1) <= prio(j2!1)") (("1" (INST - "j1!1" "j2!1" "s!1") (("1" (ASSERT) (("1" (INST?) NIL NIL)) NIL)) NIL) ("2" (INST - "j2!1" "j1!1" "s!2") (("2" (ASSERT) (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|blockers_in_cs2| "" (SKOSIMP) (("" (GRIND :EXCLUDE ("needs") :REWRITES ("good_prop")) NIL NIL)) NIL) (|eligible_prio2| "" (SKOSIMP*) (("" (GRIND :EXCLUDE ("blocked")) NIL NIL)) NIL) (|blockers_step2| "" (SKOSIMP) (("" (EXPAND* "T" "subset?" 
"idle_step") (("" (REDUCE) (("" (DELETE -4) (("" (CASE-REPLACE "j!2 = x!1") (("1" (USE "eligible_prio2") (("1" (GROUND) (("1" (DELETE -2 -3 -4 -5 1) (("1" (GRIND :EXCLUDE ("step")) NIL NIL)) NIL)) NIL)) NIL) ("2" (FORWARD-CHAIN "eligible_ready") (("2" (ASSERT) (("2" (DELETE -1 -2 -3 -4) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) $$$traces.pvs %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Traces for priority ceiling protocol % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% traces [ (IMPORTING programs) job: TYPE, prio: [job -> priority], dispatch: [job -> nat], prog: [job -> prog] ] : THEORY BEGIN ASSUMING j: VAR job s: VAR semaphore good_ceiling: ASSUMPTION member(s, resources(prog(j))) IMPLIES prio(j) <= ceil(s) good_programs: ASSUMPTION well_behaved(prog(j)) ENDASSUMING IMPORTING priority_ceiling[job, prio, dispatch, prog] j1, j2, k: VAR job p: VAR priority n, m, t, t1, t2: VAR nat g, g1, g2: VAR good_state %%%%%%%%%%%%%%% % Traces % %%%%%%%%%%%%%%% %----------------------- % Existence of traces %----------------------- next_state_exists: LEMMA EXISTS g2: T(g1, g2) tr(t): RECURSIVE good_state = IF t=0 THEN init_sch ELSE epsilon! 
g: T(tr(t-1), g) ENDIF MEASURE t %---------- % traces %---------- trace: NONEMPTY_TYPE = { w: [nat -> good_state] | w(0) = init_sch AND FORALL t: T(w(t), w(t+1)) } CONTAINING tr tr_is_a_trace: JUDGEMENT tr HAS_TYPE trace u, v: VAR trace init_trace: LEMMA u(0) = init_sch step_trace: LEMMA T(u(t), u(t+1)) %------------------- % Main invariants %------------------- invariance_P2: PROPOSITION FORALL t: P2(u(t)`rsrc) invariance_Q: PROPOSITION FORALL t: Q(u(t)) time_invariant: PROPOSITION FORALL t: u(t)`time = t %------------- % Clean up %------------- pc(u, j, t): pc(prog(j)) = u(t)`pc(j) finished(u, j, t): bool = finished(u(t), j) ready(u, j, t): bool = ready(u(t), j) active(u, j, t): bool = eligible(u(t), j) AND u(t+1) = step(u(t), j) blockers(u, j, t): set[job] = blockers(u(t)`rsrc, j) blockers(u, p, t): set[job] = blockers(u(t)`rsrc, p) busy(u, p, t): bool = EXISTS j: prio(j) >= p AND ready(u, j, t) busy(u, p, t1, t2): bool = FORALL t: t1 <= t AND t <= t2 IMPLIES busy(u, p, t) %------------------------------------ % Results from priority_ceiling %------------------------------------ pc_init: LEMMA pc(u, j, 0) = 0 pc_step: LEMMA pc(u, j, t+1) = IF active(u, j, t) THEN pc(u, j, t) + 1 ELSE pc(u, j, t) ENDIF pc_increasing: LEMMA t1 <= t2 IMPLIES pc(u, j, t1) <= pc(u, j, t2) pc_before_dispatch: LEMMA t <= dispatch(j) IMPLIES pc(u, j, t) = 0 active_ready: LEMMA active(u, j, t) IMPLIES ready(u, j, t) active_unique: LEMMA active(u, j, t) AND active(u, k, t) IMPLIES j = k ready_after_dispatch: LEMMA ready(u, j, t) IMPLIES dispatch(j) <= t ready_equiv: LEMMA ready(u, j, t) IFF dispatch(j) <= t AND pc(u, j, t) < length(prog(j)) ready_at_dispatch: LEMMA ready(u, j, dispatch(j)) finished_equiv: LEMMA finished(u, j, t) IFF pc(u, j, t) = length(prog(j)) finished_stable: LEMMA t1 <= t2 AND finished(u, j, t1) IMPLIES finished(u, j, t2) readiness: LEMMA (EXISTS j: ready(u, j, t)) IMPLIES (EXISTS j: active(u, j, t)) readiness_step2: LEMMA ready(u, j, t+1) AND dispatch(j) <= t IMPLIES 
ready(u, j, t) readiness_interval: LEMMA ready(u, j, t1) AND dispatch(j) <= t AND t <= t1 IMPLIES ready(u, j, t) active_prio: LEMMA active(u, k, t) AND ready(u, j, t) IMPLIES precedes(k, j) OR member(k, blockers(u, j, t)) active_prio2: LEMMA busy(u, p, t) AND active(u, k, t) IMPLIES prio(k) >= p OR member(k, blockers(u, p, t)) single_blocker: LEMMA member(j1, blockers(u, k, t)) AND member(j2, blockers(u, k, t)) IMPLIES j1 = j2 single_blocker2: LEMMA member(j1, blockers(u, p, t)) AND member(j2, blockers(u, p, t)) IMPLIES j1 = j2 blocker_in_cs: LEMMA member(j, blockers(u, k, t)) IMPLIES cs(prog(j), pc(u, j, t), prio(k)) blocker_in_cs2: LEMMA member(k, blockers(u, p, t)) IMPLIES cs(prog(k), pc(u, k, t), p) blocker_step: LEMMA ready(u, j, t) IMPLIES subset?(blockers(u, j, t+1), blockers(u, j, t)) blocker_step2: LEMMA busy(u, p, t) IMPLIES subset?(blockers(u, p, t+1), blockers(u, p, t)) %% Stuff for DASC talk alloc(u, j, t): rsrc_set = u(t)`rsrc`alloc(j) mutual_exclusion: LEMMA j /= k IMPLIES disjoint?(alloc(u, j, t), alloc(u, k, t)) %%%%%%%%%%%%%%%%%%%%%%%%%%% % Scheduling analysis % %%%%%%%%%%%%%%%%%%%%%%%%%%% IMPORTING schedules[job] %----------------------------- % schedule given by trace u %----------------------------- sch(u): schedule = sched(lambda j, t: active(u, j, t)) active_prop: LEMMA active(sch(u), j, t) IFF active(u, j, t) process_time1: LEMMA process_time(sch(u), t, j) = pc(u, j, t) process_time2: LEMMA t1 <= t2 IMPLIES process_time(sch(u), t1, t2, j) = pc(u, j, t2) - pc(u, j, t1) process_time_max: LEMMA process_time(sch(u), t, j) <= length(prog(j)) process_time_before_dispatch: LEMMA t <= dispatch(j) IMPLIES process_time(sch(u), t, j) = 0 process_time_at_dispatch: LEMMA process_time(sch(u), dispatch(j), j) = 0 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Blocking time for a job j % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %------------------------------------------------------- % the blocker of j is determined at j's dispatch time 
%------------------------------------------------------- blocker(u, j): set[job] = blockers(u, j, dispatch(j)) blockers_at_dispatch: LEMMA ready(u, j, t) IMPLIES subset?(blockers(u, j, t), blocker(u, j)) active_priority: LEMMA ready(u, j, t) AND active(u, k, t) IMPLIES precedes(k, j) OR member(k, blocker(u, j)) blockers_in_critical_section: LEMMA ready(u, j, t) AND member(k, blocker(u, j)) AND t1=dispatch(j) IMPLIES pc(u, k, t) = pc(u, k, t1) OR critical_section(prog(k), pc(u, k, t1), pc(u, k, t), prio(j)) blockers_dispatch: LEMMA member(k, blocker(u, j)) IMPLIES dispatch(k) < dispatch(j) %------------------ % Blocking for j %------------------ the_blocker(u, (j | not empty?(blocker(u, j)))): job = choose(blocker(u, j)) blocker_def: LEMMA empty?(blocker(u, j)) OR blocker(u, j) = singleton(the_blocker(u, j)) blocker_prio: LEMMA not empty?(blocker(u, j)) IMPLIES prio(the_blocker(u, j)) < prio(j) blocker_prop: LEMMA not empty?(blocker(u, j)) IMPLIES j /= the_blocker(u, j) blocking(u, j): nat = IF empty?(blocker(u, j)) THEN 0 ELSE max_cs(prog(the_blocker(u, j)), prio(j)) ENDIF blocking_time: LEMMA ready(u, j, t2) AND t1=dispatch(j) IMPLIES process_time(sch(u), t1, t2, blocker(u, j)) <= blocking(u, j) %--------------------------------------------------------------------------- % schedulable(u, j, t): j can fit in the interval [dispatch(j), t] %--------------------------------------------------------------------------- H(j): set[job] = { k | k /= j AND precedes(k, j) } schedulable(u, j, t): bool = process_time(sch(u), dispatch(j), t, H(j)) + blocking(u, j) + length(prog(j)) <= t - dispatch(j) process_time_ready_job: LEMMA ready(u, j, t2) AND t1 = dispatch(j) IMPLIES process_time(sch(u), t1, t2, j) = (t2 - t1) - process_time(sch(u), t1, t2, H(j)) - process_time(sch(u), t1, t2, blocker(u, j)) schedulable_prop: LEMMA schedulable(u, j, t) IMPLIES finished(u, j, t) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % Blocking for the set of jobs of priority >= p % % in a 
busy interval [t1, t2] % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% K(p): set[job] = { j | prio(j) >= p } %---------------------------------------------------------- % The blocker is determined at the start of the interval %---------------------------------------------------------- blockers_busy: LEMMA busy(u, p, t1, t2) AND t1 <= t AND t <= t2 IMPLIES subset?(blockers(u, p, t), blockers(u, p, t1)) active_priority2: LEMMA busy(u, p, t1, t2) AND t1 <= t AND t <= t2 AND active(u, j, t) IMPLIES prio(j) >= p OR member(j, blockers(u, p, t1)) blocker_in_critical_section2: LEMMA busy(u, p, t1, t2) AND member(k, blockers(u, p, t1)) AND t1 <= t AND t <= t2 IMPLIES pc(u, k, t) = pc(u, k, t1) OR critical_section(prog(k), pc(u, k, t1), pc(u, k, t), p) blocker_dispatch2: LEMMA member(k, blockers(u, p, t1)) IMPLIES dispatch(k) < t1 %--------------------- % Blocking for K(p) %--------------------- the_blocker(u, p, (t | not empty?(blockers(u, p, t)))): job = choose(blockers(u, p, t)) blocker_def2: LEMMA empty?(blockers(u, p, t)) OR blockers(u, p, t) = singleton(the_blocker(u, p, t)) blocker_prio2: LEMMA not empty?(blockers(u, p, t)) IMPLIES prio(the_blocker(u, p, t)) < p blocking(u, p, t): nat = IF empty?(blockers(u, p, t)) THEN 0 ELSE max_cs(prog(the_blocker(u, p, t)), p) ENDIF blocking_time2: LEMMA busy(u, p, t1, t2) IMPLIES process_time(sch(u), t1, t2, blockers(u, p, t1)) <= blocking(u, p, t1) %----------------------------------------------------- % Process time allocated to K(p) in a busy interval %----------------------------------------------------- process_time_busy_interval: LEMMA busy(u, p, t1, t2) AND t1 <= t2 IMPLIES process_time(sch(u), t1, t2, K(p)) = t2 - t1 - process_time(sch(u), t1, t2, blockers(u, p, t1)) busy_time2: LEMMA busy(u, p, t1, t2) AND t1 <= t2 IMPLIES process_time(sch(u), t1, t2, K(p)) >= t2 - t1 - blocking(u, p, t1) %----------------------------------------------------------------- % Relation between blocker of j and blocker of K(p) in [t1, 
t2] %----------------------------------------------------------------- blockers_prop: LEMMA busy(u, p, t1, t2) AND t1 <= dispatch(j) AND dispatch(j) <= t2 AND prio(j) = p IMPLIES subset?(blocker(u, j), blockers(u, p, t1)) blocking_prop: LEMMA busy(u, p, t1, t2) AND t1 <= dispatch(j) AND dispatch(j) <= t2 AND prio(j) = p IMPLIES blocking(u, j) = 0 OR blocking(u, j) = blocking(u, p, t1) END traces $$$traces.prf (traces (good_ceiling 0 (good_ceiling-1 nil 3237060222 nil nil nil nil nil nil nil shostak)) (good_programs 0 (good_programs-1 nil 3237060222 nil nil nil nil nil nil nil shostak)) (IMP_priority_ceiling_TCC1 0 (IMP_priority_ceiling_TCC1-1 nil 3237060221 3251730776 ("" (lemma "good_ceiling") (("" (propax) nil nil)) nil) proved ((good_ceiling formula-decl nil traces nil)) 27 20 nil nil)) (IMP_priority_ceiling_TCC2 0 (IMP_priority_ceiling_TCC2-1 nil 3237060221 3251730776 ("" (lemma "good_programs") (("" (propax) nil nil)) nil) proved ((good_programs formula-decl nil traces nil)) 16 10 nil nil)) (next_state_exists 0 (next_state_exists-1 nil 3237060221 3251730776 ("" (auto-rewrite "T" "idle_P" "step_P" "eligible_ready") (("" (skolem!) (("" (case "idle(g1!1)") (("1" (inst + "idle_step(g1!1)") (("1" (assert) nil nil)) nil) ("2" (assert) (("2" (expand "idle") (("2" (skolem!) (("2" (assert) (("2" (inst + "step(g1!1, j!1)") (("2" (inst?) 
nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((step_P formula-decl nil priority_ceiling nil) (eligible_ready formula-decl nil priority_ceiling nil) (ready const-decl "bool" priority_ceiling nil) (step const-decl "sch_state" priority_ceiling nil) (idle_P formula-decl nil priority_ceiling nil) (idle_step const-decl "sch_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (idle const-decl "bool" priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil)) 117 100 nil nil)) (tr_TCC1 0 
(tr_TCC1-1 nil 3237060221 3251730777 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nat nonempty-type-eq-decl nil naturalnumbers nil)) 78 70 nil nil)) (tr_TCC2 0 (tr_TCC2-1 nil 3237060221 3251730777 ("" (termination-tcc) nil nil) proved nil 24 20 nil nil)) (trace_TCC1 0 (trace_TCC1-1 nil 3237060221 3251730777 ("" (auto-rewrite "tr") (("" (ground) (("" (skolem!) 
(("" (use "epsilon_ax[good_state]") (("" (assert) (("" (rewrite "next_state_exists") nil nil)) nil)) nil)) nil)) nil)) nil) proved ((tr def-decl "good_state" traces nil) (epsilon_ax formula-decl nil epsilons nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (pred type-eq-decl nil defined_types nil) (next_state_exists formula-decl nil traces nil)) 95 80 nil nil)) (tr_is_a_trace 0 (tr_is_a_trace-1 nil 3237060221 3251730777 ("" (lemma "trace_TCC1") (("" (propax) nil nil)) nil) proved 
((trace_TCC1 subtype-tcc nil traces nil)) 16 10 nil nil)) (init_trace 0 (init_trace-1 nil 3237060221 3251730777 ("" (reduce) nil nil) proved nil 19 20 nil nil)) (step_trace 0 (step_trace-1 nil 3237060221 3251730777 ("" (reduce :polarity? t) nil nil) proved ((trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields 
nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 157 140 nil nil)) (invariance_P2 0 (invariance_P2-1 nil 3237060221 3251730777 ("" (auto-rewrite "init_sch" "init_P2") (("" (skolem + ("u!1" _)) (("" (induct "t") (("1" (assert) (("1" (rewrite "init_trace") (("1" (assert) nil nil)) nil)) nil) ("2" (skosimp) (("2" (use* "step_trace" "step_P2") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((step_P2 formula-decl nil priority_ceiling nil) (step_trace formula-decl nil traces nil) (init_P2 formula-decl nil priority_ceiling nil) (init_trace formula-decl nil traces nil) (nat_induction formula-decl nil naturalnumbers nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (P2 const-decl "bool" priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (rsrc_set 
type-eq-decl nil basic_types nil) (job formal-type-decl nil traces nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 242 220 nil nil)) (invariance_Q 0 (invariance_Q-1 nil 3237060221 3251730777 ("" (skolem + ("u!1" _)) (("" (auto-rewrite "init_Q" "init_trace") (("" (induct "t") (("1" (assert) (("1" (rewrite "init_trace") (("1" (assert) nil nil)) nil)) nil) ("2" (skosimp) (("2" (use* "step_trace" "step_Q") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((step_Q formula-decl nil priority_ceiling nil) (step_trace formula-decl nil traces nil) (init_Q formula-decl nil priority_ceiling nil) (init_trace formula-decl nil traces nil) (nat_induction formula-decl nil naturalnumbers nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (Q const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) 
(dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 227 160 nil nil)) (time_invariant 0 (time_invariant-1 nil 3237060221 3251730778 ("" (auto-rewrite "init_sch") (("" (induct "t") (("1" (skolem!) (("1" (rewrite "init_trace") (("1" (assert) nil nil)) nil)) nil) ("2" (skosimp*) (("2" (inst?) 
(("2" (use "step_trace") (("2" (grind :exclude ("idle" "eligible" "run_step")) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" 
number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (nat_induction formula-decl nil naturalnumbers nil) (init_trace formula-decl nil traces nil) (step const-decl "sch_state" priority_ceiling nil) (cmd const-decl "command" programs nil) (idle_step const-decl "sch_state" priority_ceiling nil) (step_trace formula-decl nil traces nil)) 672 640 nil nil)) (active_TCC1 0 (active_TCC1-1 nil 3237060221 3251730778 ("" (skosimp) (("" (forward-chain "eligible_ready") nil nil)) nil) proved ((eligible_ready formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals 
nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil)) 54 40 nil nil)) (pc_init 0 (pc_init-1 nil 3237060221 3251730778 ("" (grind :exclude ("T")) nil nil) proved ((pc const-decl "pc(prog(j))" traces nil) (init_rsrc const-decl "rsrc_state" priority_ceiling nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil 
number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 368 300 nil nil)) (pc_step 0 (pc_step-1 nil 3237060221 3251730780 ("" (skolem!) (("" (smash) (("1" (auto-rewrite "pc" "step" "active") (("1" (reduce) nil nil)) nil) ("2" (expand "active") (("2" (use "step_trace" ("t" "t!1")) (("2" (expand "T") (("2" (auto-rewrite "pc" "idle_step" "step") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) 
(number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (step const-decl "sch_state" priority_ceiling nil) (active const-decl "bool" traces nil) (pc const-decl "pc(prog(j))" traces nil) (step_trace formula-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (idle_step const-decl "sch_state" priority_ceiling nil)) 1126 1060 nil nil)) (pc_increasing 0 (pc_increasing-1 nil 3237060221 3251730780 ("" (skolem + ("j!1" "t1!1" _ "u!1")) (("" (induct-and-rewrite "t2" 1 "pc_init" "pc_step") (("1" (case-replace "t1!1 = 0") (("1" (assert) nil nil) ("2" (assert) nil nil)) nil) ("2" (case "active(u!1, j!1, j!2)") (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil) proved ((nat_induction formula-decl nil naturalnumbers nil) (pc const-decl "pc(prog(j))" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl 
nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (<= const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (pc_init formula-decl nil traces nil) (pc_step formula-decl nil traces nil) (active const-decl "bool" traces nil)) 396 360 nil nil)) (pc_before_dispatch 0 (pc_before_dispatch-1 nil 3237060222 3251730780 ("" (auto-rewrite "pc" "P" "time_invariant") (("" (skosimp) (("" (typepred "u!1(t!1)") (("" (reduce) nil nil)) nil)) nil)) nil) proved ((pc const-decl "pc(prog(j))" traces nil) (time_invariant formula-decl nil traces nil) (boolean nonempty-type-decl nil booleans nil) (bool 
nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil)) 194 190 nil nil)) (active_ready 0 (active_ready-1 nil 3237060222 3251730780 ("" (expand* "active" "ready") (("" 
(skosimp) (("" (forward-chain "eligible_ready") nil nil)) nil)) nil) proved ((prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (eligible_ready formula-decl nil 
priority_ceiling nil) (active const-decl "bool" traces nil) (ready const-decl "bool" traces nil)) 74 50 nil nil)) (active_unique 0 (active_unique-1 nil 3237060222 3251730781 ("" (expand "active") (("" (skosimp) (("" (forward-chain "eligible_ready") (("" (assert) (("" (auto-rewrite "step") (("" (case "step(u!1(t!1), j!1)`pc(j!1) = u!1(t!1)`pc(j!1)") (("1" (assert) nil nil) ("2" (replace*) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((step const-decl "sch_state" priority_ceiling nil) (ready const-decl "bool" priority_ceiling nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T 
const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (eligible_ready formula-decl nil priority_ceiling nil) (active const-decl "bool" traces nil)) 445 300 nil nil)) (ready_after_dispatch 0 (ready_after_dispatch-1 nil 3237060222 3251730781 ("" (auto-rewrite "time_invariant" "ready") (("" (skosimp) (("" (assert) (("" (assert) nil nil)) nil)) nil)) nil) proved ((time_invariant formula-decl nil traces nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number 
nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (ready const-decl "bool" priority_ceiling nil) (ready const-decl "bool" traces nil)) 69 60 nil nil)) (ready_equiv 0 (ready_equiv-1 nil 3237060222 3251730781 ("" (skolem!) (("" (grind :rewrites ("time_invariant")) nil nil)) nil) proved ((pc const-decl "pc(prog(j))" traces nil) (ready const-decl "bool" traces nil) (ready const-decl "bool" priority_ceiling nil) (finished const-decl "bool" priority_ceiling nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (complete const-decl "bool" programs nil) (time_invariant formula-decl nil traces nil)) 451 430 nil nil)) (ready_at_dispatch 0 (ready_at_dispatch-1 nil 3237060222 3251730781 ("" (skolem!) 
(("" (auto-rewrite "ready_equiv" "pc_before_dispatch") (("" (assert) nil nil)) nil)) nil) proved ((pc_before_dispatch formula-decl nil traces nil) (ready_equiv formula-decl nil traces nil)) 49 40 nil nil)) (finished_equiv 0 (finished_equiv-1 nil 3237060222 3251730782 ("" (skolem!) (("" (grind) nil nil)) nil) proved ((complete const-decl "bool" programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (finished const-decl "bool" priority_ceiling nil) (finished const-decl "bool" traces nil) (pc const-decl "pc(prog(j))" traces nil)) 367 300 nil nil)) (finished_stable 0 (finished_stable-1 nil 3237060222 3251730782 ("" (auto-rewrite "finished_equiv") (("" (skosimp) (("" (assert) (("" (use "pc_increasing" ("t2" "t2!1")) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved 
((pc_increasing formula-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (finished_equiv formula-decl nil traces nil)) 115 100 nil nil)) 
(readiness 0 (readiness-1 nil 3237060222 3251730782 ("" (skosimp) (("" (expand* "ready" "active") (("" (auto-rewrite "idle") (("" (forward-chain "eligible_exists") (("" (use "step_trace") (("" (expand "T") (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((active const-decl "bool" traces nil) (ready const-decl "bool" traces nil) (eligible_exists formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types 
nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (idle const-decl "bool" priority_ceiling nil) (step_trace formula-decl nil traces nil)) 209 180 nil nil)) (readiness_step2 0 (readiness_step2-1 nil 3237060222 3251730782 ("" (auto-rewrite "step_trace" "time_invariant") (("" (expand "ready") (("" (skosimp) (("" (use "readiness_step" ("g1" "u!1(t!1)")) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((ready const-decl "bool" traces nil) (readiness_step formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= 
const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (time_invariant formula-decl nil traces nil) (step_trace formula-decl nil traces nil)) 179 150 nil nil)) (readiness_interval 0 (readiness_interval-1 nil 3237060222 3251730783 ("" (expand* "ready" "ready" "finished" "complete") (("" (auto-rewrite "time_invariant" "pc") (("" (skosimp) (("" (assert) (("" (delete -1 -2) (("" (use "pc_increasing") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((time_invariant formula-decl nil traces nil) (pc_increasing formula-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil 
number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (pc const-decl "pc(prog(j))" traces nil) (ready const-decl "bool" traces nil) (finished const-decl "bool" priority_ceiling nil) (complete const-decl "bool" programs nil) (ready const-decl "bool" priority_ceiling nil)) 318 290 nil nil)) (active_prio 0 (active_prio-1 nil 3237060222 3251730783 ("" (expand* "active" "ready" "blockers") (("" (skosimp) (("" (use "invariance_Q") (("" (forward-chain "eligible_prio") nil nil)) nil)) nil)) nil) proved ((eligible_prio formula-decl nil priority_ceiling nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> 
boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (invariance_Q formula-decl nil traces nil) (active const-decl "bool" traces nil) (blockers const-decl "set[job]" traces nil) (ready const-decl "bool" traces nil)) 199 170 nil nil)) (active_prio2 0 (active_prio2-1 nil 3237060222 3251730783 ("" (expand* "busy" "blockers" "active" "ready") (("" (skosimp) (("" (forward-chain "eligible_prio2") nil nil)) nil)) nil) proved ((prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) 
(prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (eligible_prio2 formula-decl nil priority_ceiling nil) (busy const-decl "bool" traces nil) (active const-decl "bool" traces nil) (ready const-decl "bool" traces nil) (blockers const-decl "set[job]" traces nil)) 177 140 nil nil)) (single_blocker 0 (single_blocker-1 nil 3237060222 3251730783 ("" (expand "blockers") (("" (skosimp) (("" 
(auto-rewrite "invariance_P2") (("" (use "unique_blocker") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((unique_blocker formula-decl nil priority_ceiling nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs 
nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (rsrc_set type-eq-decl nil basic_types nil) (invariance_P2 formula-decl nil traces nil) (blockers const-decl "set[job]" traces nil)) 119 100 nil nil)) (single_blocker2 0 (single_blocker2-1 nil 3237060222 3251730783 ("" (auto-rewrite "invariance_P2" "blockers") (("" (skosimp) (("" (assert) (("" (use "unique_blocker2") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((unique_blocker2 formula-decl nil priority_ceiling nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" 
priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (rsrc_set type-eq-decl nil basic_types nil) (invariance_P2 formula-decl nil traces nil) (blockers const-decl "set[job]" traces nil)) 163 130 nil nil)) (blocker_in_cs 0 (blocker_in_cs-1 nil 3237060222 3251730783 ("" (expand* "blockers" "pc") (("" (skosimp) (("" (rewrite "blockers_in_cs") nil nil)) nil)) nil) proved ((prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) 
(+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (blockers_in_cs formula-decl nil priority_ceiling nil) (blockers const-decl "set[job]" traces nil) (pc const-decl "pc(prog(j))" traces nil)) 92 70 nil nil)) (blocker_in_cs2 0 (blocker_in_cs2-1 nil 3237060222 3251730783 ("" (auto-rewrite "pc" "blockers" "time_invariant") (("" (skosimp) (("" (assert) (("" (forward-chain "blockers_in_cs2") nil nil)) nil)) nil)) nil) proved ((blockers_in_cs2 formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) 
(rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (blockers const-decl "set[job]" traces nil) (pc const-decl "pc(prog(j))" traces nil)) 155 110 nil nil)) (blocker_step 0 (blocker_step-1 nil 3237060222 3251730784 ("" (auto-rewrite "step_trace" "invariance_Q") (("" (expand* "ready" "blockers") (("" (skosimp) (("" (rewrite "blockers_step") nil nil)) nil)) nil)) nil) proved ((blockers const-decl "set[job]" traces nil) (ready const-decl "bool" traces nil) (step_trace formula-decl nil traces nil) (invariance_Q formula-decl nil traces nil) (blockers_step formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" 
number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil)) 191 170 nil nil)) (blocker_step2 0 (blocker_step2-1 nil 3237060222 3251730784 ("" (expand* "busy" "blockers" "ready") (("" (auto-rewrite "step_trace") (("" (skosimp) (("" (rewrite "blockers_step2") nil nil)) nil)) nil)) nil) proved ((step_trace formula-decl nil traces nil) (blockers_step2 formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" 
equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (busy const-decl "bool" traces nil) (ready const-decl "bool" traces nil) (blockers const-decl "set[job]" traces nil)) 223 160 nil nil)) (mutual_exclusion 0 (mutual_exclusion-1 nil 3237060222 3251730784 ("" (skosimp) (("" (expand "alloc") (("" (auto-rewrite "invariance_P2" "invar_P2_aux" "mutual_exclusion") (("" (assert) nil nil)) nil)) nil)) nil) proved ((alloc const-decl "rsrc_set" traces nil) (mutual_exclusion formula-decl nil priority_ceiling 
nil) (invar_P2_aux formula-decl nil priority_ceiling nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (invariance_P2 formula-decl nil traces nil)) 67 60 nil nil)) (sch_TCC1 0 (sch_TCC1-1 nil 3237060222 3251730784 ("" (skosimp*) (("" (use "active_unique") (("" (assert) nil nil)) nil)) nil) proved ((active_unique formula-decl nil traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P 
const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil)) 86 70 nil nil)) (active_prop 0 (active_prop-1 nil 3237060222 3251730784 ("" (auto-rewrite "sch_TCC1") (("" (skolem!) 
(("" (expand "sch") (("" (rewrite "schedule_from_act1") nil nil)) nil)) nil)) nil) proved ((sch_TCC1 subtype-tcc nil traces nil) (schedule_from_act1 formula-decl nil schedules nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, 
numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (active const-decl "bool" traces nil) (job formal-type-decl nil traces nil) (sch const-decl "schedule" traces nil)) 73 60 nil nil)) (process_time1 0 (process_time1-1 nil 3237060222 3251730785 ("" (induct-and-rewrite "t" 1 "pc_init" "pc_step" ("process_time_init" "process_time_step") "active_prop") nil nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" 
booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (process_time const-decl "nat" schedules nil) (sch const-decl "schedule" traces nil) (<= const-decl "bool" reals nil) (pc const-decl "pc(prog(j))" traces nil) (nat_induction formula-decl nil naturalnumbers nil) (process_time_init formula-decl nil schedules nil) (pc_init formula-decl nil traces nil) (active_prop formula-decl nil traces nil) (process_time_step formula-decl nil schedules nil) (pc_step formula-decl nil traces nil)) 428 320 nil nil)) (process_time2 0 (process_time2-1 nil 3237060222 3251730785 ("" (auto-rewrite "process_time_equiv2" "process_time1") (("" (reduce) nil nil)) nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog 
formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (process_time1 formula-decl nil traces nil) (process_time_equiv2 formula-decl nil schedules nil)) 170 140 nil nil)) (process_time_max 0 (process_time_max-1 nil 3237060222 3251730785 ("" (auto-rewrite "process_time1" "pc") (("" (reduce) nil nil)) nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil 
programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (pc const-decl "pc(prog(j))" traces nil) (process_time1 formula-decl nil traces nil)) 96 80 nil nil)) (process_time_before_dispatch 0 (process_time_before_dispatch-1 nil 3237060222 3251730785 ("" (induct-and-rewrite "t" 1 "process_time1" "pc_init" ("pc_step")) (("" (forward-chain "active_ready") (("" (forward-chain "ready_after_dispatch") (("" (assert) nil nil)) nil)) nil)) nil) proved ((active_ready formula-decl nil traces nil) (ready_after_dispatch formula-decl nil traces nil) (pc_step formula-decl nil traces nil) (process_time1 formula-decl nil traces nil) (pc_init formula-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field 
-> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (process_time const-decl "nat" schedules nil) (sch const-decl "schedule" traces nil) (nat_induction formula-decl nil naturalnumbers nil)) 514 440 nil nil)) 
(process_time_at_dispatch 0 (process_time_at_dispatch-1 nil 3237060222 3251730785 ("" (skolem!) (("" (rewrite "process_time_before_dispatch") nil nil)) nil) proved ((process_time_before_dispatch formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ 
const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil)) 48 40 nil nil)) (blockers_at_dispatch 0 (blockers_at_dispatch-1 nil 3237060222 3251730786 ("" (skosimp) (("" (case "FORALL n: ready(u!1, j!1, n + dispatch(j!1)) IMPLIES subset?(blockers(u!1, j!1, n + dispatch(j!1)), blockers(u!1, j!1, dispatch(j!1)))") (("1" (forward-chain "ready_after_dispatch") (("1" (expand "blocker") (("1" (assert) (("1" (inst - "t!1 - dispatch(j!1)") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (auto-rewrite-theory "sets[job]") (("2" (induct "n") (("1" (reduce) nil nil) ("2" (skosimp) (("2" (use "readiness_step2") (("2" (assert) (("2" (forward-chain "blocker_step") (("2" (assert) (("2" (apply (then (skosimp) (inst?) (inst?) (assert))) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blockers const-decl "set[job]" traces nil) (subset? const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (ready const-decl "bool" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog 
type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (blocker const-decl "set[job]" traces nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (ready_after_dispatch formula-decl nil traces nil) (blocker_step formula-decl nil traces nil) (readiness_step2 formula-decl nil traces nil) (member const-decl "bool" sets nil) (nat_induction formula-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil)) 838 700 nil nil)) (active_priority 0 (active_priority-1 nil 3237060222 3251730786 ("" (skosimp) (("" (forward-chain "active_prio") (("" (forward-chain "blockers_at_dispatch") (("" (apply (then (expand "subset?") (inst?) 
(assert))) nil nil)) nil)) nil)) nil) proved ((active_prio formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (subset? 
const-decl "bool" sets nil) (blockers_at_dispatch formula-decl nil traces nil)) 115 70 nil nil)) (blockers_in_critical_section 0 (blockers_in_critical_section-1 nil 3237060222 3251730789 ("" (skosimp) (("" (case "FORALL n: ready(u!1, j!1, t1!1 + n) IMPLIES pc(u!1, k!1, t1!1 + n) = pc(u!1, k!1, t1!1) OR critical_section(prog(k!1), pc(u!1, k!1, t1!1), pc(u!1, k!1, t1!1 + n), prio(j!1))") (("1" (forward-chain "ready_after_dispatch") (("1" (assert) (("1" (inst - "t!1 - t1!1") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (delete -1 2 3) (("2" (induct "n") (("1" (ground) nil nil) ("2" (skosimp) (("2" (case "ready(u!1, j!1, t1!1+j!2)") (("1" (assert) (("1" (auto-rewrite "pc_step") (("1" (case "active(u!1, k!1, j!2 + t1!1)") (("1" (assert) (("1" (forward-chain "active_prio") (("1" (delete -2 -3 -4 -5 -7 1 2) (("1" (grind :exclude ("blk")) nil nil)) nil) ("2" (forward-chain "blocker_in_cs") (("2" (delete -2 -3 -4 -6 -7 -8) (("2" (expand "critical_section") (("2" (reduce :if-match nil) (("2" (inst? :polarity? 
t) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil) ("2" (delete -1 -3 2 3) (("2" (use "readiness_step2") (("2" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((critical_section const-decl "bool" programs nil) (pc const-decl "pc(prog(j))" traces nil) (<= const-decl "bool" reals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (ready const-decl "bool" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil 
rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (ready_after_dispatch formula-decl nil traces nil) (pred type-eq-decl nil defined_types nil) (nat_induction formula-decl nil naturalnumbers nil) (pc_step formula-decl nil traces nil) (blocker_in_cs formula-decl nil traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (precedes const-decl "bool" precedence nil) (blockers const-decl "set[job]" traces nil) (blocker const-decl "set[job]" traces nil) (member const-decl "bool" sets nil) (blockers const-decl "set[job]" priority_ceiling nil) (active_prio formula-decl nil traces nil) (active const-decl "bool" traces nil) (readiness_step2 formula-decl nil traces nil)) 2191 1910 nil nil)) (blockers_dispatch 0 (blockers_dispatch-1 nil 3237060222 3251730789 ("" (auto-rewrite "initially_not_cs2" "time_invariant") (("" (skosimp) (("" (expand "blocker") (("" (forward-chain "blocker_in_cs") (("" (expand "pc") (("" (typepred "u!1(dispatch(j!1))") (("" (expand "P") (("" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blocker_in_cs formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred 
const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (initially_not_cs2 formula-decl nil programs nil) (time_invariant formula-decl nil traces nil) (pc const-decl "pc(prog(j))" traces nil) (blocker const-decl "set[job]" traces nil)) 299 240 nil nil)) (the_blocker_TCC1 0 (the_blocker_TCC1-1 nil 3237060222 3251730789 ("" (expand "nonempty?") (("" (propax) nil nil)) nil) proved ((nonempty? const-decl "bool" sets nil)) 20 20 nil nil)) (blocker_def 0 (blocker_def-1 nil 3237060222 3251730789 ("" (skosimp) (("" (auto-rewrite "member" "singleton" "the_blocker" "nonempty?") (("" (apply-extensionality 2 :hide? 
t) (("" (smash) (("" (use "single_blocker" ("t" "dispatch(j!1)")) (("" (rewrite "blocker" :dir rl) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((member const-decl "bool" sets nil) (choose const-decl "(p)" sets nil) (single_blocker formula-decl nil traces nil) (nonempty? const-decl "bool" sets nil) (j!1 skolem-const-decl "job" traces nil) (u!1 skolem-const-decl "trace" traces nil) (blocker const-decl "set[job]" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl 
"[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (empty? const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (singleton? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (the_blocker const-decl "job" traces nil) (boolean nonempty-type-decl nil booleans nil) (job formal-type-decl nil traces nil)) 200 170 nil nil)) (blocker_prio 0 (blocker_prio-1 nil 3237060222 3251730789 ("" (skosimp) (("" (auto-rewrite "nonempty?" "the_blocker") (("" (assert) (("" (typepred "choose(blocker(u!1, j!1))") (("" (auto-rewrite "blocker" "blockers") (("" (assert) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((choose const-decl "(p)" sets nil) (nonempty? const-decl "bool" sets nil) (blocker const-decl "set[job]" traces nil) (set type-eq-decl nil sets nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" 
traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (blockers const-decl "set[job]" traces nil) (blockers const-decl "set[job]" priority_ceiling nil) (the_blocker const-decl "job" traces nil)) 151 140 nil nil)) (blocker_prop 0 (blocker_prop-1 nil 3237060222 3251730789 ("" (skosimp) (("" (forward-chain "blocker_prio") (("" (assert) nil nil)) nil)) nil) proved ((blocker_prio formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" 
reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil)) 64 50 nil nil)) (blocking_time 0 (blocking_time-1 nil 3237060222 3251731424 ("" (expand "blocking") (("" (skosimp) (("" (smash) (("1" (rewrite "emptyset_is_empty?") (("1" (replace*) (("1" (rewrite "process_time_emptyset") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (use "blocker_def") (("2" (assert) (("2" (replace*) (("2" (rewrite "process_time" :dir rl) (("2" (forward-chain "ready_after_dispatch") (("2" (assert) (("2" (rewrite "process_time2") (("2" (use "blockers_in_critical_section" ("k" "the_blocker(u!1, j!1)" "t" "t2!1" "t1" "dispatch(j!1)")) (("2" (ground) (("1" (forward-chain "max_cs2") nil nil) ("2" (expand* "member" "the_blocker") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blocker_def formula-decl nil 
traces nil) (ready_after_dispatch formula-decl nil traces nil) (process_time2 formula-decl nil traces nil) (max_cs2 formula-decl nil programs nil) (<= const-decl "bool" reals nil) (pc const-decl "pc(prog(j))" traces nil) (member const-decl "bool" sets nil) (blockers_in_critical_section formula-decl nil traces nil) (the_blocker const-decl "job" traces nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (process_time const-decl "nat" schedules nil) (emptyset_is_empty? formula-decl nil sets_lemmas nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state 
nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (blocker const-decl "set[job]" traces nil) (job formal-type-decl nil traces nil) (process_time_emptyset formula-decl nil schedules nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (sch const-decl "schedule" traces nil) (blocking const-decl "nat" traces nil)) 211428 4390 t nil)) (process_time_ready_job 0 (process_time_ready_job-3 "put ground back" 3237239696 3251730793 ("" (skosimp) (("" (forward-chain "ready_after_dispatch") (("" (assert) (("" (auto-rewrite "active_prop" "idle_equiv") (("" (expand "process_time" 1 1) (("" (replace -3 - rl) (("" (use "total_cpu" ("t1" "t1!1" "t2" "t2!1")) (("" (assert) (("" (case-replace "idle_time(sch(u!1), t1!1, t2!1) = 0") (("1" (delete -1) (("1" (assert) (("1" (use "process_time_partition4" ("E" "fullset[job]" "E1" "singleton(j!1)" "E2" "H(j!1)" "E3" "blocker(u!1, j!1)" "E4" "{ k | not blocker(u!1, j!1)(k) AND not precedes(k, j!1) }")) (("1" (assert :flush? t) (("1" (ground) (("1" (case-replace "process_time(sch(u!1), t1!1, t2!1, {k: job | NOT blocker(u!1, j!1)(k) AND NOT precedes(k, j!1)}) = 0") (("1" (assert) nil nil) ("2" (delete -1 -2 2) (("2" (rewrite "zero_process_time") (("2" (skosimp) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (forward-chain "active_priority") (("2" (expand "member") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 -4 2) (("2" (grind :exclude ("blk")) (("2" (apply-extensionality :hide? 
t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (rewrite "zero_idle_time") (("2" (skosimp) (("2" (use "readiness" ("t" "t!1")) (("2" (ground) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((ready_after_dispatch formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" 
booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (readiness formula-decl nil traces nil) (idle_equiv formula-decl nil schedules nil) (zero_idle_time formula-decl nil schedules nil) (process_time_partition4 formula-decl nil schedules nil) (set type-eq-decl nil sets nil) (fullset const-decl "set" sets nil) (singleton? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (H const-decl "set[job]" traces nil) (blocker const-decl "set[job]" traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (precedes const-decl "bool" precedence nil) (member const-decl "bool" sets nil) (active_priority formula-decl nil traces nil) (readiness_interval formula-decl nil traces nil) (active_prop formula-decl nil traces nil) (zero_process_time formula-decl nil schedules nil) (process_time const-decl "nat" schedules nil) (partition4 const-decl "bool" sum_partitions nil) (partition2 const-decl "bool" sum_partitions nil) (union const-decl "set" sets nil) (disjoint? const-decl "bool" sets nil) (empty? 
const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (/= const-decl "boolean" notequal nil) (blockers const-decl "set[job]" priority_ceiling nil) (blockers const-decl "set[job]" traces nil) (<= const-decl "bool" reals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (blk const-decl "set[job]" priority_ceiling nil) (rsrc_set type-eq-decl nil basic_types nil) (idle_time const-decl "nat" schedules nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (sch const-decl "schedule" traces nil) (total_cpu formula-decl nil schedules nil) (process_time const-decl "nat" schedules nil)) 3125 2720 t shostak) (process_time_ready_job-2 "Fixed the proof: (use \"total_cpu\") needs explicit instantiation and (ground) loops." 3237061730 3237061730 ("" (skosimp) (("" (forward-chain "ready_after_dispatch") (("" (assert) (("" (auto-rewrite "active_prop" "idle_equiv") (("" (expand "process_time" 1 1) (("" (replace -3 - rl) (("" (use "total_cpu" ("t1" "t1!1" "t2" "t2!1")) (("" (assert) (("" (case-replace "idle_time(sch(u!1), t1!1, t2!1) = 0") (("1" (delete -1) (("1" (assert) (("1" (use "process_time_partition4" ("E" "fullset[job]" "E1" "singleton(j!1)" "E2" "H(j!1)" "E3" "blocker(u!1, j!1)" "E4" "{ k | not blocker(u!1, j!1)(k) AND not precedes(k, j!1) }")) (("1" (split) (("1" (case-replace "process_time(sch(u!1), t1!1, t2!1, {k: job | NOT blocker(u!1, j!1)(k) AND NOT precedes(k, j!1)}) = 0") (("1" (assert) nil nil) ("2" (delete -1 -2 2) (("2" (rewrite "zero_process_time") (("2" (skosimp) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (forward-chain "active_priority") (("2" (expand "member") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 -4 2) (("2" (grind :exclude ("blk")) (("2" (apply-extensionality :hide? 
t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (rewrite "zero_idle_time") (("2" (skosimp) (("2" (use "readiness" ("t" "t!1")) (("2" (ground) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((ready_after_dispatch formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" 
priority_ceiling nil) nil (trace nonempty-type-eq-decl nil traces nil) (readiness formula-decl nil traces nil) (idle_equiv formula-decl nil schedules nil) (zero_idle_time formula-decl nil schedules nil) (process_time_partition4 formula-decl nil schedules nil) (set type-eq-decl nil sets nil) (fullset const-decl "set" sets nil) (singleton? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (H const-decl "set[job]" traces nil) (blocker const-decl "set[job]" traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (precedes const-decl "bool" precedence nil) (member const-decl "bool" sets nil) (active_priority formula-decl nil traces nil) (readiness_interval formula-decl nil traces nil) (active_prop formula-decl nil traces nil) (zero_process_time formula-decl nil schedules nil) nil (partition4 const-decl "bool" sum_partitions nil) (partition2 const-decl "bool" sum_partitions nil) (union const-decl "set" sets nil) (disjoint? const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (/= const-decl "boolean" notequal nil) nil nil (<= const-decl "bool" reals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (blk const-decl "set[job]" priority_ceiling nil) (rsrc_set type-eq-decl nil basic_types nil) nil (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (sch const-decl "schedule" traces nil) (total_cpu formula-decl nil schedules nil) nil) 1232216 834530 t shostak) (process_time_ready_job-1 nil 3237060222 3237060491 ("" (skosimp) (("" (forward-chain "ready_after_dispatch") (("" (assert) (("" (auto-rewrite "active_prop" "idle_equiv") (("" (expand "process_time" 1 1) (("" (replace -3 - rl) (("" (use "total_cpu") (("" (assert) (("" (case-replace "idle_time(sch(u!1), t1!1, t2!1) = 0") (("1" (delete -1) (("1" (assert) (("1" (use "process_time_partition4" ("E" "fullset[job]" "E1" "singleton(j!1)" "E2" "H(j!1)" "E3" "blocker(u!1, j!1)" "E4" "{ k | not blocker(u!1, j!1)(k) AND not 
precedes(k, j!1) }")) (("1" (ground) (("1" (case-replace "process_time(sch(u!1), t1!1, t2!1, {k: job | NOT blocker(u!1, j!1)(k) AND NOT precedes(k, j!1)}) = 0") (("1" (assert) nil nil) ("2" (delete -1 -2 2) (("2" (rewrite "zero_process_time") (("2" (skosimp) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (forward-chain "active_priority") (("2" (expand "member") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 -4 2) (("2" (grind :exclude ("blk")) (("2" (apply-extensionality :hide? t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (rewrite "zero_idle_time") (("2" (skosimp) (("2" (use "readiness" ("t" "t!1")) (("2" (ground) (("2" (use "readiness_interval" ("t" "t!1" "t1" "t2!1")) (("2" (assert) (("2" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((ready_after_dispatch formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" 
basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) nil (trace nonempty-type-eq-decl nil traces nil) (readiness formula-decl nil traces nil) (idle_equiv formula-decl nil schedules nil) (zero_idle_time formula-decl nil schedules nil) (process_time_partition4 formula-decl nil schedules nil) (set type-eq-decl nil sets nil) (fullset const-decl "set" sets nil) (singleton? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (H const-decl "set[job]" traces nil) (blocker const-decl "set[job]" traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (precedes const-decl "bool" precedence nil) (<= const-decl "bool" reals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (blk const-decl "set[job]" priority_ceiling nil) (rsrc_set type-eq-decl nil basic_types nil) (partition4 const-decl "bool" sum_partitions nil) (partition2 const-decl "bool" sum_partitions nil) (union const-decl "set" sets nil) (disjoint? const-decl "bool" sets nil) (empty? 
const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (/= const-decl "boolean" notequal nil) (zero_process_time formula-decl nil schedules nil) (active_prop formula-decl nil traces nil) (readiness_interval formula-decl nil traces nil) (active_priority formula-decl nil traces nil) (member const-decl "bool" sets nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (sch const-decl "schedule" traces nil) (total_cpu formula-decl nil schedules nil)) 42519 20590 t nil)) (schedulable_prop 0 (schedulable_prop-1 nil 3237060222 3251730794 ("" (skosimp) (("" (expand "schedulable") (("" (assert) (("" (case "ready(u!1, j!1, t!1)") (("1" (assert) (("1" (use* "process_time_ready_job" "blocking_time") (("1" (assert) (("1" (auto-rewrite "process_time_equiv2" "process_time_at_dispatch" "ready_equiv" "process_time1") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (delete -) (("2" (auto-rewrite "ready_equiv" "finished" "complete" "pc") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((schedulable const-decl "bool" traces nil) (ready const-decl "bool" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< 
const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (process_time_ready_job formula-decl nil traces nil) (blocking_time formula-decl nil traces nil) (ready_equiv formula-decl nil traces nil) (process_time_equiv2 formula-decl nil schedules nil) (process_time1 formula-decl nil traces nil) (finished const-decl "bool" traces nil) (finished const-decl "bool" priority_ceiling nil) (complete const-decl "bool" programs nil) (pc const-decl "pc(prog(j))" traces nil)) 945 810 nil nil)) (blockers_busy 0 (blockers_busy-1 nil 3237060222 3251730795 ("" (skosimp) (("" (case "FORALL n: t1!1 + n <= t2!1 IMPLIES subset?(blockers(u!1, p!1, t1!1+n), blockers(u!1, p!1, t1!1))") (("1" (assert) (("1" (inst - "t!1 - t1!1") (("1" (assert) nil nil)) nil)) nil) ("2" (delete -2 -3 2) (("2" (induct "n") (("1" (ground) (("1" (grind :exclude ("blockers" "busy")) nil nil)) nil) ("2" (skosimp) (("2" (assert) (("2" (expand "busy") (("2" (inst - "t1!1 + j!1") (("2" (assert) (("2" (forward-chain "blocker_step2") (("2" (delete -3 -4) (("2" (grind :exclude 
("blockers")) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blockers const-decl "set[job]" traces nil) (trace nonempty-type-eq-decl nil traces nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (subset? 
const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (job formal-type-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (<= const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (pred type-eq-decl nil defined_types nil) (nat_induction formula-decl nil naturalnumbers nil) (member const-decl "bool" sets nil) (blocker_step2 formula-decl nil traces nil) (busy const-decl "bool" traces nil)) 1104 1020 nil nil)) (active_priority2 0 (active_priority2-1 nil 3237060222 3251730796 ("" (skosimp) (("" (forward-chain "blockers_busy") (("" (expand "busy") (("" (inst?) 
(("" (assert) (("" (forward-chain "active_prio2") (("" (delete -3 -4 -5 -6 1) (("" (grind :exclude ("blockers")) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blockers_busy formula-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl 
"[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (active_prio2 formula-decl nil traces nil) (subset? const-decl "bool" sets nil) (member const-decl "bool" sets nil) (busy const-decl "bool" traces nil)) 498 450 nil nil)) (blocker_in_critical_section2 0 (blocker_in_critical_section2-1 nil 3237060222 3251730799 ("" (skosimp) (("" (assert) (("" (case "FORALL n: t1!1 + n <= t2!1 IMPLIES pc(u!1, k!1, t1!1 + n) = pc(u!1, k!1, t1!1) OR critical_section(prog(k!1), pc(u!1, k!1, t1!1), pc(u!1, k!1, t1!1+n), p!1)") (("1" (inst - "t!1 - t1!1") (("1" (assert) nil nil)) nil) ("2" (delete 2 3) (("2" (induct "n") (("1" (ground) nil nil) ("2" (skosimp) (("2" (assert) (("2" (auto-rewrite "pc_step") (("2" (case "active(u!1, k!1, j!1 + t1!1)") (("1" (assert) (("1" (delete 1) (("1" (expand "busy") (("1" (inst - "t1!1 + j!1") (("1" (assert) (("1" (forward-chain "active_prio2") (("1" (delete -2 -3 -4 -5 -7 -8 1) (("1" (grind) nil nil)) nil) ("2" (forward-chain "blocker_in_cs2") (("2" (delete -2 -3 -5 -6 -7 -8 -9) (("2" (expand "critical_section") (("2" (ground) (("1" (skosimp) (("1" (assert) nil nil)) nil) ("2" (skosimp) (("2" (inst?) 
(("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((pc_step formula-decl nil traces nil) (busy const-decl "bool" traces nil) (blocker_in_cs2 formula-decl nil traces nil) (blockers const-decl "set[job]" priority_ceiling nil) (member const-decl "bool" sets nil) (blockers const-decl "set[job]" traces nil) (active_prio2 formula-decl nil traces nil) (active const-decl "bool" traces nil) (nat_induction formula-decl nil naturalnumbers nil) (pred type-eq-decl nil defined_types nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" 
reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (trace nonempty-type-eq-decl nil traces nil) (pc const-decl "pc(prog(j))" traces nil) (critical_section const-decl "bool" programs nil)) 3446 1490 nil nil)) (blocker_dispatch2 0 (blocker_dispatch2-1 nil 3237060222 3251730799 ("" (auto-rewrite "initially_not_cs2" "time_invariant") (("" (skosimp) (("" (expand "blockers") (("" (forward-chain "blockers_in_cs2") (("" (typepred "u!1(t1!1)") (("" (expand "P") (("" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blockers_in_cs2 formula-decl nil priority_ceiling nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" 
number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (time_invariant formula-decl nil traces nil) (initially_not_cs2 formula-decl nil programs nil) (NOT const-decl "[bool -> bool]" booleans nil) (blockers const-decl "set[job]" traces nil)) 251 210 nil nil)) (the_blocker_TCC2 0 (the_blocker_TCC2-1 nil 3237060222 3251730800 ("" (subtype-tcc) nil nil) proved ((NOT const-decl "[bool -> bool]" booleans nil) (pc nonempty-type-eq-decl nil programs nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" 
number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (set type-eq-decl nil sets nil) (init_rsrc const-decl "rsrc_state" priority_ceiling nil) (complete const-decl "bool" programs nil) (finished const-decl "bool" priority_ceiling nil) (ready const-decl "bool" priority_ceiling nil) (precedes const-decl "bool" precedence nil) (topjob const-decl "bool" priority_ceiling nil) (/= const-decl "boolean" notequal nil) (blk const-decl "set[job]" priority_ceiling nil) (blocked const-decl "bool" priority_ceiling nil) (eligible const-decl "bool" priority_ceiling nil) (idle const-decl "bool" priority_ceiling nil) (idle_step const-decl "sch_state" priority_ceiling nil) (cmd const-decl "command" programs nil) (step const-decl "sch_state" priority_ceiling nil) (blockers const-decl "set[job]" traces nil) (member const-decl "bool" sets nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (posnat nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean 
nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (job formal-type-decl nil traces nil) (blockers const-decl "set[job]" priority_ceiling nil) (empty? const-decl "bool" sets nil) (nonempty? const-decl "bool" sets nil)) 742 710 nil nil)) (blocker_def2 0 (blocker_def2-1 nil 3237060222 3251730800 ("" (skosimp) (("" (assert) (("" (auto-rewrite "singleton" "member" "nonempty?" "the_blocker") (("" (apply-extensionality :hide? t) (("" (smash) (("" (use "single_blocker2" ("j1" "x!1" "j2" "the_blocker(u!1, p!1, t!1)")) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((job formal-type-decl nil traces nil) (boolean nonempty-type-decl nil booleans nil) (the_blocker const-decl "job" traces nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (singleton const-decl "(singleton?)" sets nil) (singleton? const-decl "bool" sets nil) (blockers const-decl "set[job]" traces nil) (set type-eq-decl nil sets nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil 
command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (single_blocker2 formula-decl nil traces nil) (member const-decl "bool" sets nil)) 169 150 nil nil)) (blocker_prio2 0 (blocker_prio2-1 nil 3237060222 3251730800 ("" (skosimp) (("" (auto-rewrite "nonempty?" "the_blocker") (("" (assert) (("" (typepred "choose(blockers(u!1, p!1, t!1))") (("" (auto-rewrite "blockers") (("" (assert) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((choose const-decl "(p)" sets nil) (nonempty? 
const-decl "bool" sets nil) (blockers const-decl "set[job]" traces nil) (set type-eq-decl nil sets nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (job formal-type-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean 
nonempty-type-decl nil booleans nil) (blockers const-decl "set[job]" priority_ceiling nil) (the_blocker const-decl "job" traces nil)) 170 150 nil nil)) (blocking_time2 0 (blocking_time2-1 nil 3237060222 3251730801 ("" (skolem!) (("" (expand "blocking") (("" (smash) (("1" (rewrite "emptyset_is_empty?") (("1" (replace*) (("1" (rewrite "process_time_emptyset") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (case "t1!1 <= t2!1") (("1" (use "blocker_def2") (("1" (reduce) (("1" (rewrite "process_time" :dir rl) (("1" (rewrite "process_time2") (("1" (use "blocker_in_critical_section2") (("1" (ground) (("1" (forward-chain "max_cs2") nil nil) ("2" (expand* "the_blocker" "member") nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (auto-rewrite "process_time" "sum") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((blocking const-decl "nat" traces nil) (<= const-decl "bool" reals nil) (process_time2 formula-decl nil traces nil) (max_cs2 formula-decl nil programs nil) (pc const-decl "pc(prog(j))" traces nil) (member const-decl "bool" sets nil) (blocker_in_critical_section2 formula-decl nil traces nil) (the_blocker const-decl "job" traces nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (process_time const-decl "nat" schedules nil) (blocker_def2 formula-decl nil traces nil) (sum def-decl "nat" sum_sequences nil) (process_time const-decl "nat" schedules nil) (emptyset_is_empty? 
formula-decl nil sets_lemmas nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (pc nonempty-type-eq-decl nil programs nil) (posnat nonempty-type-eq-decl nil integers nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (blockers const-decl "set[job]" traces nil) (job formal-type-decl nil traces nil) 
(process_time_emptyset formula-decl nil schedules nil) (lift type-decl nil lift_adt nil) (schedule type-eq-decl nil schedules nil) (sch const-decl "schedule" traces nil)) 701 620 nil nil)) (process_time_busy_interval 0 (process_time_busy_interval-1 nil 3237060222 3251730804 ("" (skosimp) (("" (use "total_cpu") (("" (auto-rewrite "active_prop" "idle_equiv") (("" (assert) (("" (case-replace "idle_time(sch(u!1), t1!1, t2!1) = 0") (("1" (delete -1) (("1" (assert) (("1" (use "process_time_partition3" ("E" "fullset[job]" "E1" "K(p!1)" "E2" "blockers(u!1, p!1, t1!1)" "E3" "{ k | prio(k) < p!1 AND not member(k, blockers(u!1, p!1, t1!1)) }")) (("1" (ground) (("1" (case-replace "process_time(sch(u!1), t1!1, t2!1, {k: job | prio(k) < p!1 AND NOT member(k, blockers(u!1, p!1, t1!1))}) = 0") (("1" (assert) nil nil) ("2" (delete -1 -2 2) (("2" (rewrite "zero_process_time") (("2" (skosimp) (("2" (use "active_priority2" ("j" "j!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 2) (("2" (grind) (("2" (apply-extensionality :hide? 
t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (rewrite "zero_idle_time") (("2" (skosimp) (("2" (rewrite "readiness") (("2" (auto-rewrite "busy") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((total_cpu formula-decl nil schedules nil) (job formal-type-decl nil traces nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sch const-decl "schedule" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (< const-decl "bool" reals nil) (prog 
formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (schedule type-eq-decl nil schedules nil) (lift type-decl nil lift_adt nil) (busy const-decl "bool" traces nil) (busy const-decl "bool" traces nil) (readiness formula-decl nil traces nil) (idle_equiv formula-decl nil schedules nil) (zero_idle_time formula-decl nil schedules nil) (process_time_partition3 formula-decl nil schedules nil) (set type-eq-decl nil sets nil) (fullset const-decl "set" sets nil) (K const-decl "set[job]" traces nil) (blockers const-decl "set[job]" traces nil) (NOT const-decl "[bool -> bool]" booleans nil) (member const-decl "bool" sets nil) (rsrc_set type-eq-decl nil basic_types nil) (semaphore nonempty-type-decl nil basic_types nil) (ceil const-decl "[semaphore -> priority]" basic_types nil) (blockers const-decl "set[job]" priority_ceiling nil) (intersection const-decl "set" sets nil) (empty? const-decl "bool" sets nil) (disjoint? 
const-decl "bool" sets nil) (union const-decl "set" sets nil) (partition2 const-decl "bool" sum_partitions nil) (partition3 const-decl "bool" sum_partitions nil) (process_time const-decl "nat" schedules nil) (zero_process_time formula-decl nil schedules nil) (active_prop formula-decl nil traces nil) (active_priority2 formula-decl nil traces nil) (idle_time const-decl "nat" schedules nil)) 2453 2150 nil nil)) (busy_time2 0 (busy_time2-1 nil 3237060222 3251730804 ("" (skosimp) (("" (forward-chain "process_time_busy_interval") (("" (forward-chain "blocking_time2") (("" (assert) nil nil)) nil)) nil)) nil) proved ((process_time_busy_interval formula-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (job formal-type-decl nil traces nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state 
type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (blocking_time2 formula-decl nil traces nil)) 229 210 nil nil)) (blockers_prop 0 (blockers_prop-1 nil 3237060222 3251730805 ("" (skosimp) (("" (case "subset?(blocker(u!1, j!1), blockers(u!1, p!1, dispatch(j!1)))") (("1" (forward-chain "blockers_busy") (("1" (delete -3 -4 -5 -6) (("1" (grind :exclude ("blocker" "blockers") :if-match nil) (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 -2 -3 2) (("2" (grind) nil nil)) nil)) nil)) nil) proved ((blockers const-decl "set[job]" traces nil) (blocker const-decl "set[job]" traces nil) (trace nonempty-type-eq-decl nil traces nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (T const-decl "bool" priority_ceiling nil) (init_sch const-decl "good_state" priority_ceiling nil) (= const-decl "[T, T -> boolean]" equalities nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (priority nonempty-type-eq-decl nil basic_types nil) (maxprio const-decl "posnat" basic_types nil) (> const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil 
integers nil) (< const-decl "bool" reals nil) (prog formal-const-decl "[job -> prog]" traces nil) (prog type-eq-decl nil programs nil) (command type-decl nil command_adt nil) (below type-eq-decl nil naturalnumbers nil) (posnat nonempty-type-eq-decl nil integers nil) (pc nonempty-type-eq-decl nil programs nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (subset? const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (job formal-type-decl nil traces nil) (member const-decl "bool" sets nil) (blockers_busy formula-decl nil traces nil) (blockers const-decl "set[job]" traces nil) (/= const-decl "boolean" notequal nil) (blk const-decl "set[job]" priority_ceiling nil) (blockers const-decl "set[job]" priority_ceiling nil) (blockers const-decl "set[job]" priority_ceiling nil) (semaphore nonempty-type-decl nil basic_types nil)) 764 650 nil nil)) (blocking_prop 0 (blocking_prop-1 nil 3237060222 3251730806 ("" (skosimp) (("" (forward-chain "blockers_prop") (("" (expand "blocking") (("" (smash) (("1" (delete -2 -3 -4 -5 2) (("1" (apply (then (grind :exclude ("blocker" "blockers") :if-match nil) (inst?) (inst?) (assert))) nil nil)) nil) ("2" (use* "blocker_def" "blocker_def2") (("2" (ground) (("1" (delete -1 -4 -5 -6 -7 2 3) (("1" (grind :if-match nil :exclude ("blockers" "blocker")) (("1" (inst? :polarity? t) (("1" (inst?) 
(("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (replace*) (("2" (delete -1 -2 -4 -5 -6 -7 1 2) (("2" (auto-rewrite-theory "sets[job]") (("2" (reduce :if-match nil) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((blockers_prop formula-decl nil traces nil) (job formal-type-decl nil traces nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (< const-decl "bool" reals nil) (nonneg_int nonempty-type-eq-decl nil integers nil) (> const-decl "bool" reals nil) (posnat nonempty-type-eq-decl nil integers nil) (maxprio const-decl "posnat" basic_types nil) (priority nonempty-type-eq-decl nil basic_types nil) (pc nonempty-type-eq-decl nil programs nil) (below type-eq-decl nil naturalnumbers nil) (command type-decl nil command_adt nil) (prog type-eq-decl nil programs nil) (prog formal-const-decl "[job -> prog]" traces nil) (prio formal-const-decl "[job -> priority]" traces nil) (dispatch formal-const-decl "[job -> nat]" traces nil) (rsrc_state type-eq-decl nil priority_ceiling nil) (sch_state type-eq-decl nil priority_ceiling nil) (P const-decl "bool" priority_ceiling nil) (good_state nonempty-type-eq-decl nil priority_ceiling nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (init_sch const-decl "good_state" priority_ceiling nil) (T const-decl "bool" priority_ceiling nil) 
(numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (trace nonempty-type-eq-decl nil traces nil) (member const-decl "bool" sets nil) (subset? const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (blocker_def2 formula-decl nil traces nil) (blocker_def formula-decl nil traces nil) (blocking const-decl "nat" traces nil) (blocking const-decl "nat" traces nil)) 1316 1080 nil nil)))
$$$fsets_sum.pvs
%------------------------------------------------------------------------
% Finite sum over real-valued functions
% (reworked from Ricky Butler's version in finite set lib)
%
% Defines sum(S, f) for a finite set S over T and f: [T -> real], then
% states algebraic, ordering, bounding, sign, closure and typing facts
% about it. Within this dump, sporadic_tasks imports the theory to state
% its cpu_usage assumption (sum of C(i)/T(i) over all tasks < 1).
%
% NOTE(review): the proof entries that follow this theory in the dump
% carry a recorded status (e.g. proved-complete). That status is what
% was stored when the dump was produced; re-run the proofs before relying
% on these results under a different prover version or library.
%------------------------------------------------------------------------
fsets_sum[T: TYPE]: THEORY
BEGIN

  % The library version of finite sums is left commented out; the
  % definitions below replace it (see the note after the VAR block).
  %% IMPORTING finite_sets@finite_sets_sum[T,real,0,+]
  IMPORTING finite_sets@finite_sets_inductions

  % S, A, B range over all finite sets (possibly empty);
  % E ranges over non-empty finite sets only.
  S, A, B: VAR finite_set[T]
  E: VAR non_empty_finite_set[T]
  t, x, x1, x2: VAR T
  c, N: VAR real
  f, g: VAR function[T -> real]

  %% Things below and up to sum_distributive have been
  %% copied from finite_set@finite_sets_sum.
  %%
  %% Shouldn't need to do that but there was a problem with
  %% judgements otherwise. Bug in PVS: I can't reverse the
  %% change? (7/19/99)
  %%
  %% Fixed by Sam (9/1/99) but still things do not work so well
  %% (auto-rewrite in proof of sum_indexed_partitions.sum_partition)
  %%

  %------------------------------------
  %  Definition and basic properties
  %------------------------------------

  % sum peels off choose(S) and recurses on rest(S); the empty set sums
  % to 0. Termination is argued on card(S). The proof file lists two TCCs
  % for this declaration (sum_TCC1, sum_TCC2); sum_TCC2 is discharged
  % with card_rest.
  sum(S, f) : RECURSIVE real =
    IF empty?(S) THEN 0 ELSE f(choose(S)) + sum(rest(S),f) ENDIF
  MEASURE card(S)

  sum_emptyset : THEOREM sum(emptyset, f) = 0

  sum_singleton : THEOREM sum(singleton(x), f) = f(x)

  % Any member x of S may be split off first, not only choose(S): the
  % value of sum does not depend on the order of extraction.
  sum_x : THEOREM FORALL (x: (S)): sum(S, f) = f(x) + sum(remove(x, S), f)

  sum_x1_x2 : THEOREM FORALL (x1, x2: (S)):
      f(x1) + sum(remove(x1, S), f) = f(x2) + sum(remove(x2, S), f)

  % add/remove are stated with an explicit membership test so that they
  % hold whether or not x is already in S.
  sum_add : THEOREM sum(add(x, S),f) =
      IF S(x) THEN sum(S, f) ELSE sum(S, f) + f(x) ENDIF

  sum_remove : THEOREM sum(remove(x, S),f) =
      IF S(x) THEN sum(S, f) - f(x) ELSE sum(S, f) ENDIF

  sum_rest : THEOREM NOT empty?(S) IMPLIES
      f(choose(S)) + sum(rest(S),f) = sum(S,f)

  % Additivity needs disjointness; sum_union below is the general form
  % that accounts for the overlap.
  sum_disj_union: THEOREM disjoint?(A, B) IMPLIES
      sum(union(A, B), f) = sum(A, f) + sum(B, f)

  sum_diff_subset: THEOREM subset?(A, B) IMPLIES
      sum(difference(B, A), f) = sum(B, f) - sum(A, f)

  sum_union : THEOREM
      sum(union(A, B), f) + sum(intersection(A, B),f ) = sum(A, f) + sum(B, f)

  sum_diff_intersection: THEOREM
      sum(A, f) = sum(difference(A, B), f) + sum(intersection(A, B), f)

  % Only the values of f and g on S matter.
  sum_f_g : THEOREM (FORALL (x: (S)): f(x) = g(x)) IMPLIES sum(S, f) = sum(S, g)

  % Effect of overriding f at a single point x (compare sum_update below,
  % which states the same equation with the terms in another order).
  sum_particular : THEOREM sum(S, f WITH [x := c]) =
      IF S(x) THEN sum(S, f) + c - f(x) ELSE sum(S, f) ENDIF

  sum_distributive: THEOREM
      sum(A, f) + sum(A, g) = sum(A, LAMBDA x: f(x) + g(x))

  %---------------------------
  % Sum for a few functions
  %---------------------------
  sum_const : THEOREM sum(S, (LAMBDA t: c)) = c*card(S)

  sum_mult : THEOREM sum(S,(LAMBDA t: c*f(t))) = c*sum(S,f)

  sum_1_is_card: THEOREM sum(S,(LAMBDA t: 1)) = card(S)

  sum_update : THEOREM sum(S, f WITH [(t) := c]) =
      IF S(t) THEN sum(S, f) - f(t) + c ELSE sum(S, f) ENDIF

  %------------------------------------------------------
  % Ordering properties for two sums over the same set
  %------------------------------------------------------
  % The non-strict forms hold for any finite S. The strict forms are
  % stated over E (non-empty): on the empty set both sums are 0, so a
  % strict inequality could not hold.
  sum_le : THEOREM (FORALL (t: (S)): f(t) <= g(t)) IMPLIES sum(S, f) <= sum(S, g)

  sum_ge : THEOREM (FORALL (t: (S)): f(t) >= g(t)) IMPLIES sum(S, f) >= sum(S, g)

  sum_lt : THEOREM (FORALL (t: (E)): f(t) < g(t)) IMPLIES sum(E, f) < sum(E, g)

  sum_gt : THEOREM (FORALL (t: (E)): f(t) > g(t)) IMPLIES sum(E, f) > sum(E, g)

  %------------------------------------------------
  % Bounds on sum derived from bounds of f on S
  %------------------------------------------------
  % Same split as above: strict bounds (sum_bound3, sum_bound4) are over
  % non-empty E only.
  sum_bound : THEOREM (FORALL (t: (S)): f(t) <= N) IMPLIES sum(S,f) <= N*card(S)

  sum_bound2 : THEOREM (FORALL (t: (S)): f(t) >= N) IMPLIES sum(S,f) >= N*card(S)

  sum_bound3 : THEOREM (FORALL (t: (E)): f(t) < N) IMPLIES sum(E,f) < N*card(E)

  sum_bound4 : THEOREM (FORALL (t: (E)): f(t) > N) IMPLIES sum(E,f) > N*card(E)

  %---------------------
  % Sign of sum(S, f)
  %---------------------
  sum_nonneg : LEMMA (FORALL (t: (S)): f(t) >= 0) IMPLIES sum(S,f) >= 0

  sum_nonpos : LEMMA (FORALL (t: (S)): f(t) <= 0) IMPLIES sum(S,f) <= 0

  % Strict sign over a possibly-empty S needs a witness (EXISTS); the
  % *2 variants get the witness from E being non-empty.
  sum_pos : LEMMA (FORALL (t: (S)): f(t) >= 0) AND (EXISTS (t: (S)): f(t) > 0)
      IMPLIES sum(S, f) > 0

  sum_pos2 : LEMMA (FORALL (t: (E)): f(t) > 0) IMPLIES sum(E,f) > 0

  sum_neg : LEMMA (FORALL (t: (S)): f(t) <= 0) AND (EXISTS (t: (S)): f(t) < 0)
      IMPLIES sum(S, f) < 0

  sum_neg2 : LEMMA (FORALL (t: (E)): f(t) < 0) IMPLIES sum(E,f) < 0

  sum_zero : LEMMA (FORALL (t: (S)): f(t) = 0) IMPLIES sum(S, f) = 0

  %-----------------------
  %  Closure properties
  %-----------------------
  U: VAR set[real]

  % If U is closed under + and contains every f(t), it contains the sum.
  % For a possibly-empty S the hypothesis U(0) is also required, since
  % the empty sum is 0.
  sum_closure1: LEMMA (FORALL (a, b: (U)): U(a+b)) AND (FORALL (t: (E)): U(f(t)))
      IMPLIES U(sum(E, f))

  sum_closure2: LEMMA U(0) AND (FORALL (a, b: (U)): U(a+b))
      AND (FORALL (t: (S)): U(f(t)))
      IMPLIES U(sum(S, f))

  %---------------
  %  Judgements
  %---------------
  % Each judgement gives sum a narrower result type when the summed
  % function has a narrower range type. The strictly positive/negative
  % ones are over non-empty E.
  nnf: VAR [T -> nonneg_real]
  npf: VAR [T -> nonpos_real]
  pf: VAR [T -> posreal]
  nf: VAR [T -> negreal]

  sum_nnreal_is_nnreal: JUDGEMENT sum(S, nnf) HAS_TYPE nonneg_real
  sum_npreal_is_npreal: JUDGEMENT sum(S, npf) HAS_TYPE nonpos_real
  sum_posreal_is_posreal: JUDGEMENT sum(E, pf) HAS_TYPE posreal
  sum_negreal_is_negreal: JUDGEMENT sum(E, nf) HAS_TYPE negreal

  u: VAR [T -> rat]
  nnu: VAR [T -> nonneg_rat]
  npu: VAR [T -> nonpos_rat]
  pu: VAR [T -> posrat]
  nu: VAR [T -> negrat]

  sum_rat_is_rat: JUDGEMENT sum(S, u) HAS_TYPE rat
  sum_nnrat_is_nnrat: JUDGEMENT sum(S, nnu) HAS_TYPE nonneg_rat
  sum_nprat_is_nprat: JUDGEMENT sum(S, npu) HAS_TYPE nonpos_rat
  sum_posrat_is_posrat: JUDGEMENT sum(E, pu) HAS_TYPE posrat
  sum_negrat_is_negrat: JUDGEMENT sum(E, nu) HAS_TYPE negrat

  v: VAR [T -> int]
  npv: VAR [T -> nonpos_int]
  nv: VAR [T -> negint]

  sum_int_is_int: JUDGEMENT sum(S, v) HAS_TYPE int
  sum_npint_is_npint: JUDGEMENT sum(S, npv) HAS_TYPE nonpos_int
  sum_negint_is_negint: JUDGEMENT sum(E, nv) HAS_TYPE negint

  w: VAR [T -> nat]
  pw: VAR [T -> posnat]

  sum_nat_is_nat: JUDGEMENT sum(S, w) HAS_TYPE nat
  sum_posnat_is_posnat: JUDGEMENT sum(E, pw) HAS_TYPE posnat

  %-------------------------------------------------------
  %  Properties of f derived from the value of Sum(S, f)
  %-------------------------------------------------------
  % Converse direction of the bounds above: if the sum attains the
  % extreme value allowed by a pointwise bound, every term attains it.
  sum_max_bound : THEOREM sum(S,f) = N * card(S) AND (FORALL (t: (S)): f(t) <= N)
      IMPLIES (FORALL (t: (S)): f(t) = N)

  sum_min_bound : THEOREM sum(S,f) = N * card(S) AND (FORALL (t: (S)): f(t) >= N)
      IMPLIES (FORALL (t: (S)): f(t) = N)

  sum_0_non_neg : THEOREM sum(S,f) = 0 AND (FORALL (t: (S)): f(t) >= 0)
      IMPLIES (FORALL (t: (S)): f(t) = 0)

  sum_0_non_pos : THEOREM sum(S,f) = 0 AND (FORALL (t: (S)): f(t) <= 0)
      IMPLIES (FORALL (t: (S)): f(t) = 0)

  equal_sum_le : THEOREM sum(S, f) = sum(S, g) AND (FORALL (t: (S)): f(t) <= g(t))
      IMPLIES (FORALL (t: (S)): f(t) = g(t))

  equal_sum_ge : THEOREM sum(S, f) = sum(S, g) AND (FORALL (t: (S)): f(t) >= g(t))
      IMPLIES (FORALL (t: (S)): f(t) = g(t))

  % h* are non-negative-valued, k* non-positive-valued; the sign
  % hypothesis of sum_0_non_neg / sum_0_non_pos is carried by the type.
  h, h1, h2: VAR function[T -> nonneg_real]

  sum_0_non_neg2 : COROLLARY sum(S, h) = 0 IMPLIES (FORALL (t : (S)) : h(t) = 0)

  k, k1, k2: VAR function[T -> nonpos_real]

  sum_0_non_pos2 : COROLLARY sum(S, k) = 0 IMPLIES (FORALL (t : (S)) : k(t) = 0)

  %--------------------------------------------------
  %  Some relations between Sum(A, f) AND Sum(B, f)
  %  when A is a subset of B
  %--------------------------------------------------
  % Monotonicity in the set is stated only for sign-constrained
  % functions (h non-negative, k non-positive); for an arbitrary
  % real-valued f only sum_subset3 applies.
  sum_subset: THEOREM subset?(A, B) IMPLIES sum(A, h) <= sum(B, h)

  sum_subset2: THEOREM subset?(A, B) IMPLIES sum(A, k) >= sum(B, k)

  sum_order_sub: THEOREM subset?(A, B) AND (FORALL (t:T): h1(t) <= h2(t))
      IMPLIES sum(A, h1) <= sum(B, h2)

  sum_order_sub2: THEOREM subset?(A, B) AND (FORALL (t:T): k1(t) >= k2(t))
      IMPLIES sum(A, k1) >= sum(B, k2)

  % Elements of B outside A contribute nothing when f is 0 on them.
  sum_subset3: THEOREM subset?(A, B) AND (FORALL (t: (B)): A(t) OR f(t) = 0)
      IMPLIES sum(A, f) = sum(B, f)

END fsets_sum
$$$fsets_sum.prf
(fsets_sum (sum_TCC1 0 (sum_TCC1-1 nil 3239135181 3254006417 ("" (grind) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil fsets_sum nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (member const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (nonempty? const-decl "bool" sets nil)) 73 70 nil nil)) (sum_TCC2 0 (sum_TCC2-1 nil 3239135181 3254006417 ("" (auto-rewrite "nonempty?" "card_rest") (("" (skosimp) (("" (assert) nil nil)) nil)) nil) proved-complete ((card_rest formula-decl nil finite_sets nil)) 246 100 nil nil)) (sum_emptyset 0 (sum_emptyset-1 nil 3239135181 3254006417 ("" (grind) nil nil) proved-complete ((emptyset const-decl "set" sets nil) (member const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (sum def-decl "real" fsets_sum nil)) 53 50 nil nil)) (sum_singleton 0 (sum_singleton-1 nil 3239135181 3254006418 ("" (auto-rewrite "singleton" "sum_emptyset" "nonempty?") (("" (skolem!) 
(("" (expand "sum") (("" (case "empty?(singleton(x!1))") (("1" (delete +) (("1" (grind) nil nil)) nil) ("2" (assert) (("2" (typepred "choose(singleton(x!1))") (("2" (case-replace "rest(singleton(x!1)) = emptyset") (("1" (reduce) nil nil) ("2" (delete 3) (("2" (apply-extensionality :hide? t) (("2" (grind :exclude ("empty?" "choose")) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((singleton const-decl "(singleton?)" sets nil) (singleton? const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (member const-decl "bool" sets nil) (choose const-decl "(p)" sets nil) (nonempty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (/= const-decl "boolean" notequal nil) (remove const-decl "set" sets nil) (sum_emptyset formula-decl nil fsets_sum nil) (= const-decl "[T, T -> boolean]" equalities nil) (rest const-decl "set" sets nil) (emptyset const-decl "set" sets nil) (sum def-decl "real" fsets_sum nil)) 812 340 nil nil)) (sum_x 0 (sum_x-1 nil 3239135181 3254006420 ("" (skolem + (_ "f!1" _)) (("" (auto-rewrite "sum" "nonempty?" "emptyset" "card_rest" "card_remove") (("" (induct "S" :name "finite_set_induction_gen[T]") (("" (skosimp) (("" (skolem-typepred) (("" (case "empty?(S!1)") (("1" (delete -3 1) (("1" (grind) nil nil)) nil) ("2" (assert) (("2" (case "rest(S!1)(x!1)") (("1" (inst-cp - "rest(S!1)") (("1" (inst - "remove(x!1, S!1)") (("1" (assert) (("1" (inst - "choose(S!1)") (("1" (inst - "x!1") (("1" (case-replace "remove(x!1, rest(S!1)) = remove(choose(S!1), remove(x!1, S!1))") (("1" (assert) nil nil) ("2" (delete -3 -4 2 3) (("2" (apply-extensionality :hide? 
t) (("2" (grind) nil nil)) nil)) nil)) nil)) nil) ("2" (delete -3 2 3) (("2" (grind :exclude ("choose")) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -2) (("2" (grind :exclude ("choose" "empty?")) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((empty? const-decl "bool" sets nil) (member const-decl "bool" sets nil) (rest const-decl "set" sets nil) nil nil (nonempty? const-decl "bool" sets nil) (choose const-decl "(p)" sets nil) (/= const-decl "boolean" notequal nil) (card_rest formula-decl nil finite_sets nil) (card_remove formula-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set_induction_gen formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (remove const-decl "set" sets nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (sum def-decl "real" fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 1840 780 t nil)) (sum_x1_x2 0 (sum_x1_x2-1 nil 3239135181 3254006420 ("" (skolem!) 
(("" (rewrite "sum_x" :dir rl) (("" (rewrite "sum_x" :dir rl) nil nil)) nil)) nil) proved-complete ((sum_x formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) 76 70 nil nil)) (sum_add 0 (sum_add-1 nil 3239135181 3254006420 ("" (skolem!) (("" (smash) (("1" (case-replace "add(x!1, S!1) = S!1") (("1" (delete 2) (("1" (auto-rewrite "add" "member") (("1" (apply-extensionality :hide? t) (("1" (smash) nil nil)) nil)) nil)) nil)) nil) ("2" (auto-rewrite "add") (("2" (use "sum_x" ("S" "add(x!1, S!1)")) (("2" (case-replace "remove(x!1, add(x!1, S!1)) = S!1") (("2" (delete -1 3) (("2" (auto-rewrite "remove" "add" "member") (("2" (apply-extensionality :hide? t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((member const-decl "bool" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (add const-decl "(nonempty?)" sets nil) (nonempty? 
const-decl "bool" sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (sum_x formula-decl nil fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (remove const-decl "set" sets nil)) 371 320 nil nil)) (sum_remove 0 (sum_remove-1 nil 3239135181 3254006421 ("" (skolem!) (("" (smash) (("1" (use "sum_x") (("1" (assert) nil nil)) nil) ("2" (case-replace "remove(x!1, S!1) = S!1") (("2" (delete 3) (("2" (auto-rewrite-defs) (("2" (apply-extensionality :hide? t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sum_x formula-decl nil fsets_sum nil) (member const-decl "bool" sets nil) (/= const-decl "boolean" notequal nil) (remove const-decl "set" sets nil) (= const-decl "[T, T -> boolean]" equalities nil)) 296 260 nil nil)) (sum_rest 0 (sum_rest-1 nil 3239135181 3254006421 ("" (auto-rewrite "sum") (("" (reduce) nil nil)) nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil fsets_sum 
nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (sum def-decl "real" fsets_sum nil)) 131 130 nil nil)) (sum_disj_union 0 (sum_disj_union-1 nil 3239135181 3254006422 ("" (auto-rewrite "sum_add" "sum_emptyset" "union" "member" "disjoint?" "intersection" "add" "empty?" "emptyset") (("" (skolem + ("A!1" _ "f!1")) (("" (induct "B" :name "finite_set_ind_modified[T]") (("1" (ground) (("1" (case-replace "union(A!1, emptyset[T]) = A!1") (("1" (delete -1 2) (("1" (apply-extensionality :hide? t) nil nil)) nil)) nil)) nil) ("2" (skosimp) (("2" (ground) (("1" (inst - "e!1") (("1" (case-replace "union(A!1, add(e!1, S!1)) = add(e!1, union(A!1, S!1))") (("1" (assert) (("1" (assert) nil nil)) nil) ("2" (delete -1 3 4) (("2" (apply-extensionality :hide? t) (("2" (smash) nil nil)) nil)) nil)) nil)) nil) ("2" (skosimp) (("2" (inst?) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((nonempty? const-decl "bool" sets nil) (add const-decl "(nonempty?)" sets nil) (sum_add formula-decl nil fsets_sum nil) (sum_emptyset formula-decl nil fsets_sum nil) (empty? const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (emptyset const-decl "set" sets nil) (member const-decl "bool" sets nil) (finite_set_ind_modified formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (union const-decl "set" sets nil) (sum def-decl "real" fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (disjoint? 
const-decl "bool" sets nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 611 560 nil nil)) (sum_diff_subset 0 (sum_diff_subset-1 nil 3239135181 3254006422 ("" (skosimp) (("" (use "sum_disj_union" ("A" "A!1" "B" "difference(B!1, A!1)")) (("" (ground) (("1" (case-replace "union(A!1, difference(B!1, A!1)) = B!1") (("1" (assert) nil nil) ("2" (delete -1 2) (("2" (auto-rewrite-defs) (("2" (apply-extensionality :hide? t) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (grind) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_disj_union formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (difference const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (disjoint? const-decl "bool" sets nil) (empty? const-decl "bool" sets nil) (intersection const-decl "set" sets nil) (union const-decl "set" sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (subset? const-decl "bool" sets nil) (member const-decl "bool" sets nil)) 448 420 nil nil)) (sum_union 0 (sum_union-1 nil 3239135181 3254006423 ("" (skolem!) 
(("" (use "sum_diff_subset" ("A" "A!1" "B" "union(A!1, B!1)")) (("" (ground) (("1" (use "sum_diff_subset" ("A" "intersection(A!1, B!1)" "B" "B!1")) (("1" (ground) (("1" (case-replace "difference(union(A!1, B!1), A!1) = difference(B!1, intersection(A!1, B!1))") (("1" (assert) nil nil) ("2" (delete -1 -2 2) (("2" (apply-extensionality :hide? t) (("2" (grind) nil nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (grind) nil nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (grind) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_diff_subset formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (union const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (intersection const-decl "set" sets nil) (subset? const-decl "bool" sets nil) (difference const-decl "set" sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (member const-decl "bool" sets nil)) 664 630 nil nil)) (sum_diff_intersection 0 (sum_diff_intersection-1 nil 3239135181 3254006423 ("" (skolem!) (("" (rewrite "sum_disj_union" :dir rl) (("1" (case-replace "union(difference(A!1, B!1), intersection(A!1, B!1)) = A!1") (("1" (delete 2) (("1" (apply-extensionality :hide? 
t) (("1" (grind) nil nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (grind) nil nil)) nil)) nil)) nil) proved-complete ((sum_disj_union formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (difference const-decl "set" sets nil) (intersection const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (member const-decl "bool" sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (union const-decl "set" sets nil) (empty? const-decl "bool" sets nil) (disjoint? const-decl "bool" sets nil)) 336 310 nil nil)) (sum_f_g 0 (sum_f_g-1 nil 3239135181 3254006423 ("" (skolem + (_ "f!1" "g!1")) (("" (auto-rewrite "sum" "sum_emptyset" "nonempty?") (("" (induct "S" :name "finite_set_induction_rest[T]") (("1" (skosimp) (("1" (assert) nil nil)) nil) ("2" (skosimp) (("2" (ground) (("1" (inst?) (("1" (assert) nil nil)) nil) ("2" (delete 2) (("2" (grind :exclude ("choose")) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((/= const-decl "boolean" notequal nil) (member const-decl "bool" sets nil) (remove const-decl "set" sets nil) nil nil (rest const-decl "set" sets nil) (choose const-decl "(p)" sets nil) (nonempty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (sum_emptyset formula-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (sum def-decl "real" fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 360 340 nil nil)) (sum_particular 0 (sum_particular-1 nil 3239135181 3254006424 ("" (skolem!) 
(("" (smash) (("1" (use "sum_remove" ("f" "f!1")) (("1" (use "sum_remove" ("f" "f!1 WITH [x!1 := c!1]")) (("1" (assert) (("1" (use "sum_f_g" ("g" "f!1")) (("1" (ground) (("1" (delete -1 -2 2) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (rewrite "sum_f_g") nil nil)) nil)) nil) proved-complete ((sum_f_g formula-decl nil fsets_sum nil) (remove const-decl "set" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (/= const-decl "boolean" notequal nil) (member const-decl "bool" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (T formal-type-decl nil fsets_sum nil) (sum_remove formula-decl nil fsets_sum nil)) 544 500 nil nil)) (sum_distributive 0 (sum_distributive-1 nil 3239135181 3254006424 ("" (skolem + (_ "f!1" "g!1")) (("" (auto-rewrite "sum" "sum_emptyset" "nonempty?") (("" (induct "A" :name "finite_set_induction_rest[T]") (("1" (assert) nil nil) ("2" (skosimp) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_emptyset formula-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (sum def-decl "real" fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl 
"[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 336 310 nil nil)) (sum_const 0 (sum_const-1 nil 3239135181 3254006425 ("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :rewrites ("sum" "sum_emptyset" "card_emptyset" "card_rest")) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (sum def-decl "real" fsets_sum nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (Card const-decl "nat" finite_sets nil) (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (T formal-type-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (sum_emptyset formula-decl nil fsets_sum nil) (card_emptyset formula-decl nil finite_sets nil) (card_rest formula-decl nil finite_sets nil)) 869 820 
nil nil)) (sum_mult 0 (sum_mult-1 nil 3239135181 3254006426 ("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :rewrites ("sum" "sum_emptyset")) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (sum def-decl "real" fsets_sum nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (T formal-type-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (sum_emptyset formula-decl nil fsets_sum nil)) 507 470 nil nil)) (sum_1_is_card 0 (sum_1_is_card-1 nil 3239135181 3254006426 ("" (skolem!) (("" (rewrite "sum_const") (("" (assert) nil nil)) nil)) nil) proved-complete ((sum_const formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) 388 380 nil nil)) (sum_update 0 (sum_update-1 nil 3239135181 3254006427 ("" (skolem!) 
(("" (smash) (("1" (auto-rewrite "member") (("1" (use "sum_remove" ("f" "f!1")) (("1" (use "sum_remove" ("f" "f!1 WITH [(t!1) := c!1]")) (("1" (assert) (("1" (case "sum(remove(t!1, S!1), f!1) = sum(remove(t!1, S!1), f!1 WITH [(t!1) := c!1])") (("1" (assert) nil nil) ("2" (rewrite "sum_f_g") (("2" (delete -1 -2 2 3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (rewrite "sum_f_g") nil nil)) nil)) nil) proved-complete ((sum_remove formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (sum_f_g formula-decl nil fsets_sum nil) (member const-decl "bool" sets nil) (/= const-decl "boolean" notequal nil) (NOT const-decl "[bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (sum def-decl "real" fsets_sum nil) (remove const-decl "set" sets nil)) 481 430 t nil)) (sum_le 0 (sum_le-1 nil 3239135181 3254006427 ("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :rewrites ("sum" "sum_emptyset" "nonempty?") :if-match nil) (("" (inst - "f!1" "g!1") (("" (ground) (("1" (inst?) (("1" (assert) nil nil)) nil) ("2" (delete 2) (("2" (auto-rewrite "rest" "remove" "member") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((member const-decl "bool" sets nil) (remove const-decl "set" sets nil) nil nil (rest const-decl "set" sets nil) (choose const-decl "(p)" sets nil) (nonempty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (sum_emptyset formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (<= const-decl "bool" reals nil) (sum def-decl "real" fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/")) 556 380 nil nil)) (sum_ge 0 (sum_ge-1 nil 3239135181 3254006427 ("" (skosimp) (("" (use "sum_le" ("f" "g!1" "g" "f!1")) (("" (reduce) nil nil)) nil)) nil) proved-complete ((sum_le formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil)) 190 80 nil nil)) (sum_lt 0 (sum_lt-1 nil 3239135181 3254006429 ("" (induct-and-simplify "E" :name "nonempty_finite_set_induct[T]" :defs nil :rewrites ("sum_singleton" "sum_add") :theories ("sets[T]") :if-match nil) (("1" (inst?) nil nil) ("2" (inst - "f!1" "g!1") (("2" (ground) (("1" (inst?) 
(("1" (assert) nil nil)) nil) ("2" (delete 2 3) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil) proved-complete ((member const-decl "bool" sets nil) (add const-decl "(nonempty?)" sets nil) (nonempty? const-decl "bool" sets nil) (singleton? const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (sum_singleton formula-decl nil fsets_sum nil) (sum_add formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (< const-decl "bool" reals nil) (sum def-decl "real" fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (nonempty_finite_set_induct formula-decl nil finite_sets_inductions "finite_sets/")) 1300 580 nil nil)) (sum_gt 0 (sum_gt-1 nil 3239135181 3254006429 ("" (skosimp) (("" (use "sum_lt" ("f" "g!1" "g" "f!1")) (("" (reduce) nil nil)) nil)) nil) proved-complete ((sum_lt formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil)) 95 70 nil nil)) (sum_bound 0 (sum_bound-2 nil 3254074811 3254074821 ("" (skolem + ("N!1" _ "f!1")) (("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :if-match all :rewrites ("sum" "card_emptyset" "card_rest" "sum_emptyset" "nonempty?")) (("" (typepred "t!1") (("" (auto-rewrite-theory "sets[T]") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((member const-decl "bool" sets nil) (remove const-decl "set" sets nil) (rest const-decl "set" sets nil) (SS!1 skolem-const-decl "non_empty_finite_set[T]" fsets_sum nil) (t!1 skolem-const-decl "(rest(SS!1))" fsets_sum nil) (choose const-decl "(p)" sets nil) (nonempty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (card_rest formula-decl nil finite_sets nil) (card_emptyset formula-decl nil finite_sets nil) (sum_emptyset formula-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (sum def-decl "real" fsets_sum nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) 
(rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (Card const-decl "nat" finite_sets nil) (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (T formal-type-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/")) 7461 1550 nil nil) (sum_bound-1 nil 3239135181 3254007605 ("" (skolem + ("N!1" _ "f!1")) (("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :if-match all :rewrites ("sum" "card_emptyset" "card_rest" "sum_emptyset" "nonempty?")) (("" (typepred "t!1") (("" (auto-rewrite "rest" "remove" "member") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (Card const-decl "nat" finite_sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (sum def-decl "real" fsets_sum nil) (<= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl 
nil numbers nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sum_emptyset formula-decl nil fsets_sum nil) (card_emptyset formula-decl nil finite_sets nil) (card_rest formula-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (nonempty? const-decl "bool" sets nil) (choose const-decl "(p)" sets nil) nil nil (rest const-decl "set" sets nil) (remove const-decl "set" sets nil) (member const-decl "bool" sets nil)) 25622 1660 t nil)) (sum_bound2 0 (sum_bound2-1 nil 3239135181 3254007630 ("" (skolem + ("N!1" _ "f!1")) (("" (induct-and-simplify "S" :name "finite_set_induction_rest[T]" :defs nil :if-match all :rewrites ("sum" "card_emptyset" "card_rest" "sum_emptyset" "nonempty?")) (("" (typepred "t!1") (("" (auto-rewrite-theory "sets[T]") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (Card const-decl "nat" finite_sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (sum def-decl "real" fsets_sum nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl 
"[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sum_emptyset formula-decl nil fsets_sum nil) (card_emptyset formula-decl nil finite_sets nil) (card_rest formula-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (nonempty? const-decl "bool" sets nil) (choose const-decl "(p)" sets nil) nil nil (rest const-decl "set" sets nil) (remove const-decl "set" sets nil) (member const-decl "bool" sets nil)) 20241 1890 t nil)) (sum_bound3 0 (sum_bound3-1 nil 3239135181 3254006433 ("" (auto-rewrite "sum_singleton" "card_singleton" "sum_add" "card_add") (("" (auto-rewrite-theory "sets[T]") (("" (induct-and-simplify "E" :name "nonempty_finite_set_induct[T]" :defs nil) nil nil)) nil)) nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (< const-decl "bool" reals nil) (sum def-decl "real" fsets_sum nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (Card const-decl "nat" finite_sets nil) (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (nonempty_finite_set_induct formula-decl nil finite_sets_inductions "finite_sets/") (sum_singleton formula-decl nil fsets_sum nil) (card_singleton formula-decl nil finite_sets nil) (singleton? const-decl "bool" sets nil) (sum_add formula-decl nil fsets_sum nil) (card_add formula-decl nil finite_sets nil) (nonempty? const-decl "bool" sets nil) (member const-decl "bool" sets nil) (add const-decl "(nonempty?)" sets nil) (singleton const-decl "(singleton?)" sets nil) (T formal-type-decl nil fsets_sum nil)) 1501 1440 nil nil)) (sum_bound4 0 (sum_bound4-1 nil 3239135181 3254006435 ("" (induct-and-simplify "E" :name "nonempty_finite_set_induct[T]" :defs nil :rewrites ("sum_singleton" "card_singleton" "sum_add" "card_add") :theories "sets[T]") nil nil) proved-complete ((nonempty? 
const-decl "bool" sets nil) (card_add formula-decl nil finite_sets nil) (sum_add formula-decl nil fsets_sum nil) (singleton? const-decl "bool" sets nil) (card_singleton formula-decl nil finite_sets nil) (sum_singleton formula-decl nil fsets_sum nil) (nonempty_finite_set_induct formula-decl nil finite_sets_inductions "finite_sets/") (card const-decl "{n: nat | n = Card(S)}" finite_sets nil) (Card const-decl "nat" finite_sets nil) (= const-decl "[T, T -> boolean]" equalities nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (sum def-decl "real" fsets_sum nil) (> const-decl "bool" reals nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (pred type-eq-decl nil defined_types nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? 
const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (member const-decl "bool" sets nil) (add const-decl "(nonempty?)" sets nil) (singleton const-decl "(singleton?)" sets nil) (T formal-type-decl nil fsets_sum nil)) 1519 1480 nil nil)) (sum_nonneg 0 (sum_nonneg-1 nil 3239135181 3254006435 ("" (skosimp) (("" (forward-chain "sum_bound2") (("" (assert) nil nil)) nil)) nil) proved-complete ((sum_bound2 formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (T formal-type-decl nil fsets_sum nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil)) 322 310 nil nil)) (sum_nonpos 0 (sum_nonpos-1 nil 3239135181 3254006435 ("" (skosimp) (("" (forward-chain "sum_bound") (("" (assert) nil nil)) nil)) nil) proved-complete ((sum_bound formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (T formal-type-decl nil fsets_sum nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil)) 322 300 nil nil)) (sum_pos 0 
(sum_pos-1 nil 3239135181 3254006436 ("" (skosimp*) (("" (auto-rewrite "remove" "member") (("" (use "sum_nonneg" ("S" "remove(t!1, S!1)")) (("" (ground) (("1" (use "sum_remove") (("1" (assert) nil nil)) nil) ("2" (delete -2 2) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_remove formula-decl nil fsets_sum nil) (member const-decl "bool" sets nil) nil nil nil (NOT const-decl "[bool -> bool]" booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (remove const-decl "set" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (sum_nonneg formula-decl nil fsets_sum nil)) 262 250 nil nil)) (sum_pos2 0 (sum_pos2-1 nil 3239135181 3254006436 ("" (skosimp) (("" (forward-chain "sum_bound4") (("" (assert) nil nil)) nil)) nil) proved-complete ((sum_bound4 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) 325 310 nil nil)) (sum_neg 0 (sum_neg-1 nil 3239135181 3254006436 ("" (skosimp*) (("" (auto-rewrite "remove" "member") (("" (use "sum_nonpos" ("S" "remove(t!1, S!1)")) (("" (ground) (("1" (use "sum_remove") (("1" (assert) nil nil)) nil) ("2" (delete -2 2) (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_remove formula-decl nil fsets_sum nil) (member const-decl "bool" sets nil) nil nil nil (NOT const-decl "[bool -> bool]" booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (remove const-decl "set" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (sum_nonpos formula-decl nil fsets_sum nil)) 272 250 nil nil)) (sum_neg2 0 (sum_neg2-1 nil 3239135181 3254006436 ("" (skosimp) (("" (forward-chain "sum_bound3") (("" (assert) nil nil)) nil)) nil) proved-complete ((sum_bound3 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) 330 310 nil nil)) (sum_zero 0 (sum_zero-1 nil 3239135181 3254006437 ("" (skosimp) (("" (use* "sum_nonneg" "sum_nonpos") (("" (apply (repeat (then (split) (skolem!) (inst?) (assert)))) nil nil)) nil)) nil) proved-complete ((sum_nonneg formula-decl nil fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (sum_nonpos formula-decl nil fsets_sum nil)) 113 110 nil nil)) (sum_closure1 0 (sum_closure1-1 nil 3239135181 3254006437 ("" (skolem + (_ "U!1" "f!1")) (("" (induct-and-simplify "E" :name "nonempty_finite_set_induct[T]" :rewrites ("sum_add" "sum_singleton") :exclude ("sum") :theories ("sets[T]")) (("" (inst? -2) nil nil)) nil)) nil) proved-complete ((T formal-type-decl nil fsets_sum nil) (singleton const-decl "(singleton?)" sets nil) (add const-decl "(nonempty?)" sets nil) (member const-decl "bool" sets nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (pred type-eq-decl nil defined_types nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sum def-decl "real" fsets_sum nil) (nonempty_finite_set_induct formula-decl nil finite_sets_inductions "finite_sets/") (sum_singleton formula-decl nil fsets_sum nil) (singleton? const-decl "bool" sets nil) (sum_add formula-decl nil fsets_sum nil) nil nil nil nil (nonempty? const-decl "bool" sets nil)) 777 690 nil nil)) (sum_closure2 0 (sum_closure2-1 nil 3239135181 3254006438 ("" (skolem + (_ "U!1" "f!1")) (("" (auto-rewrite "sum" "sum_emptyset" "rest" "remove" "member" "nonempty?") (("" (induct "S" :name "finite_set_induction_rest[T]") (("1" (reduce) nil nil) ("2" (reduce) nil nil)) nil)) nil)) nil) proved-complete ((non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? const-decl "bool" sets nil) (NOT const-decl "[bool -> bool]" booleans nil) nil nil (choose const-decl "(p)" sets nil) (nonempty? 
const-decl "bool" sets nil) (remove const-decl "set" sets nil) nil nil (member const-decl "bool" sets nil) (rest const-decl "set" sets nil) (sum_emptyset formula-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (sum def-decl "real" fsets_sum nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 656 600 nil nil)) (sum_nnreal_is_nnreal 0 (sum_nnreal_is_nnreal-1 nil 3239135181 3254006438 ("" (skolem!) (("" (rewrite "sum_nonneg") (("" (skolem!) 
(("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((sum_nonneg formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil)) 49 50 nil nil)) (sum_npreal_is_npreal 0 (sum_npreal_is_npreal-1 nil 3239135181 3254006438 ("" (skolem!) (("" (rewrite "sum_nonpos") (("" (skolem!) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((sum_nonpos formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil)) 70 60 nil nil)) (sum_posreal_is_posreal 0 (sum_posreal_is_posreal-1 nil 3239135181 3254006438 ("" (skolem!) (("" (rewrite "sum_pos2") (("" (skolem!) 
(("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((sum_pos2 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil)) 83 80 nil nil)) (sum_negreal_is_negreal 0 (sum_negreal_is_negreal-1 nil 3239135181 3254006438 ("" (skolem!) (("" (rewrite "sum_neg2") (("" (skolem!) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((sum_neg2 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? 
const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (negreal nonempty-type-eq-decl nil real_types nil)) 83 80 nil nil)) (sum_rat_is_rat 0 (sum_rat_is_rat-1 nil 3239135181 3254006439 ("" (skolem!) (("" (rewrite "sum_closure2") nil nil)) nil) proved-complete ((sum_closure2 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rat nonempty-type-eq-decl nil rationals nil)) 188 170 nil nil)) (sum_nnrat_is_nnrat 0 (sum_nnrat_is_nnrat-1 nil 3239135181 3254006439 ("" (skolem!) (("" (assert) nil nil)) nil) proved-complete nil 101 100 nil nil)) (sum_nprat_is_nprat 0 (sum_nprat_is_nprat-1 nil 3239135181 3254006439 ("" (skolem!) 
(("" (rewrite "sum_npreal_is_npreal") nil nil)) nil) proved-complete ((sum_npreal_is_npreal judgement-tcc nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (nonpos_rat nonempty-type-eq-decl nil rationals nil)) 103 100 nil nil)) (sum_posrat_is_posrat 0 (sum_posrat_is_posrat-1 nil 3239135181 3254006439 ("" (subtype-tcc) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (T formal-type-decl nil fsets_sum nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (member const-decl "bool" sets nil) (injective? const-decl "bool" functions nil)) 230 210 nil nil)) (sum_negrat_is_negrat 0 (sum_negrat_is_negrat-1 nil 3239135181 3254006439 ("" (skolem!) 
(("" (rewrite "sum_negreal_is_negreal") nil nil)) nil) proved-complete ((sum_negreal_is_negreal judgement-tcc nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (negreal nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (nonpos_rat nonempty-type-eq-decl nil rationals nil) (negrat nonempty-type-eq-decl nil rationals nil)) 148 150 nil nil)) (sum_int_is_int 0 (sum_int_is_int-1 nil 3239135181 3254006440 ("" (auto-rewrite-theory "integers") (("" (induct-and-simplify "S" 1 "finite_set_induction_rest[T]" :defs nil :rewrites ("sum_emptyset" "sum")) nil nil)) nil) proved-complete ((closed_plus formula-decl nil integers nil) (sum_emptyset formula-decl nil fsets_sum nil) (finite_set_induction_rest formula-decl nil finite_sets_inductions "finite_sets/") (T formal-type-decl nil fsets_sum nil) (sum def-decl "real" fsets_sum nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl 
"[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (pred type-eq-decl nil defined_types nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 509 480 nil nil)) (sum_npint_is_npint 0 (sum_npint_is_npint-1 nil 3239135181 3254006440 ("" (skolem!) (("" (rewrite "sum_npreal_is_npreal") nil nil)) nil) proved-complete ((sum_npreal_is_npreal judgement-tcc nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nonpos_int nonempty-type-eq-decl nil integers nil)) 234 210 nil nil)) (sum_negint_is_negint 0 (sum_negint_is_negint-1 nil 3239135181 3254006440 ("" (skolem!) 
(("" (rewrite "sum_negreal_is_negreal") nil nil)) nil) proved-complete ((sum_negreal_is_negreal judgement-tcc nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil) (empty? const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (negreal nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nonpos_int nonempty-type-eq-decl nil integers nil) (negint nonempty-type-eq-decl nil integers nil)) 261 270 nil nil)) (sum_nat_is_nat 0 (sum_nat_is_nat-1 nil 3239135181 3254006440 ("" (skolem!) 
(("" (rewrite "sum_nnreal_is_nnreal") nil nil)) nil) proved-complete ((sum_nnreal_is_nnreal judgement-tcc nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nat nonempty-type-eq-decl nil naturalnumbers nil)) 328 320 nil nil)) (sum_posnat_is_posnat 0 (sum_posnat_is_posnat-1 nil 3239135181 3254006441 ("" (auto-rewrite-defs :explicit? t) (("" (assert) (("" (skolem-typepred) (("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((injective? const-decl "bool" functions nil) (member const-decl "bool" sets nil) (non_empty_finite_set type-eq-decl nil finite_sets nil) (empty? const-decl "bool" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (T formal-type-decl nil fsets_sum nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) 540 510 nil nil)) (sum_max_bound 0 (sum_max_bound-1 nil 3239135181 3254006444 ("" (skosimp) (("" (skolem!) (("" (auto-rewrite "card_remove" "member") (("" (use "sum_bound" ("S" "remove(t!1, S!1)" "N" "N!1")) (("" (ground) (("1" (use "sum_remove") (("1" (assert) (("1" (inst?) 
(("1" (assert) nil nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (auto-rewrite "remove") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_bound formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (T formal-type-decl nil fsets_sum nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (remove const-decl "set" sets nil) (member const-decl "bool" sets nil) nil nil nil (NOT const-decl "[bool -> bool]" booleans nil) (sum_remove formula-decl nil fsets_sum nil) (card_remove formula-decl nil finite_sets nil)) 3056 1240 nil nil)) (sum_min_bound 0 (sum_min_bound-1 nil 3239135181 3254006447 ("" (skosimp) (("" (skolem!) (("" (auto-rewrite "card_remove" "member") (("" (use "sum_bound2" ("S" "remove(t!1, S!1)" "N" "N!1")) (("" (ground) (("1" (use "sum_remove") (("1" (assert) (("1" (inst?) 
(("1" (assert) nil nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (auto-rewrite "remove") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_bound2 formula-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (T formal-type-decl nil fsets_sum nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (remove const-decl "set" sets nil) (member const-decl "bool" sets nil) nil nil nil (NOT const-decl "[bool -> bool]" booleans nil) (sum_remove formula-decl nil fsets_sum nil) (card_remove formula-decl nil finite_sets nil)) 2605 1280 nil nil)) (sum_0_non_neg 0 (sum_0_non_neg-1 nil 3239135181 3254006448 ("" (skosimp) (("" (use "sum_min_bound") (("" (ground) nil nil)) nil)) nil) proved-complete ((sum_min_bound formula-decl nil fsets_sum nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 1116 750 nil nil)) (sum_0_non_pos 0 (sum_0_non_pos-1 nil 3239135181 3254006449 ("" (skosimp) (("" (use "sum_max_bound") (("" (ground) nil nil)) nil)) nil) proved-complete ((sum_max_bound formula-decl nil fsets_sum nil) (finite_set type-eq-decl nil finite_sets nil) 
(is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 1420 720 nil nil)) (equal_sum_le 0 (equal_sum_le-1 nil 3239135181 3254006451 ("" (skosimp*) (("" (assert) (("" (use "sum_le" ("S" "remove(t!1, S!1)" "f" "f!1" "g" "g!1")) (("" (ground) (("1" (auto-rewrite "member") (("1" (use "sum_remove" ("f" "f!1")) (("1" (use "sum_remove" ("f" "g!1")) (("1" (assert) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete -1 2) (("2" (auto-rewrite "remove" "member") (("2" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_remove formula-decl nil fsets_sum nil) (NOT const-decl "[bool -> bool]" booleans nil) nil nil nil (member const-decl "bool" sets nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (remove const-decl "set" sets nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil) (sum_le formula-decl nil fsets_sum nil)) 1628 950 nil nil)) (equal_sum_ge 0 (equal_sum_ge-1 nil 3239135181 3254006452 ("" (skosimp) (("" (use "equal_sum_le" ("f" "g!1" "g" "f!1")) (("" (reduce) nil nil)) nil)) nil) proved-complete ((equal_sum_le formula-decl nil fsets_sum nil) (T 
formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (NOT const-decl "[bool -> bool]" booleans nil)) 949 740 nil nil)) (sum_0_non_neg2 0 (sum_0_non_neg2-1 nil 3239135181 3254006452 ("" (skosimp) (("" (use "sum_0_non_neg") (("" (ground) (("" (skolem!) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_0_non_neg formula-decl nil fsets_sum nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil)) 580 520 nil nil)) (sum_0_non_pos2 0 (sum_0_non_pos2-1 nil 3239135181 3254006453 ("" (skosimp) (("" (use "sum_0_non_pos") (("" (ground) (("" (skolem!) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_0_non_pos formula-decl nil fsets_sum nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (<= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (finite_set type-eq-decl nil finite_sets nil) (is_finite const-decl "bool" finite_sets nil) (set type-eq-decl nil sets nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (T formal-type-decl nil fsets_sum nil)) 630 570 nil nil)) (sum_subset 0 (sum_subset-1 nil 3239135181 3254006454 ("" (skosimp) (("" (use "sum_diff_subset" ("A" "A!1" "B" "B!1")) (("" (assert) (("" (use "sum_nonneg" ("S" "difference(B!1, A!1)")) (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved-complete ((sum_diff_subset formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (difference const-decl "set" sets nil) (sum_nonneg formula-decl nil fsets_sum nil)) 825 720 nil nil)) (sum_subset2 0 (sum_subset2-1 nil 3239135181 3254006455 ("" (skosimp) (("" (use "sum_diff_subset" ("A" "A!1" "B" "B!1")) (("" (assert) (("" (use "sum_nonpos" ("S" "difference(B!1, A!1)")) (("" (ground) nil nil)) nil)) 
nil)) nil)) nil) proved-complete ((sum_diff_subset formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (<= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (difference const-decl "set" sets nil) (sum_nonpos formula-decl nil fsets_sum nil)) 1091 830 nil nil)) (sum_order_sub 0 (sum_order_sub-1 nil 3239135181 3254006456 ("" (skosimp) (("" (use "sum_subset" ("h" "h1!1")) (("" (assert) (("" (use "sum_le" ("S" "B!1" "f" "h1!1" "g" "h2!1")) (("" (ground) (("" (delete -1 -2 2) (("" (reduce) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_subset formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (sum_le formula-decl nil fsets_sum nil) (NOT const-decl "[bool -> bool]" booleans nil)) 830 790 nil nil)) (sum_order_sub2 0 (sum_order_sub2-1 nil 3239135181 3254006457 ("" (skosimp) (("" (use "sum_subset2" ("k" "k1!1")) (("" 
(assert) (("" (use "sum_ge" ("S" "B!1" "f" "k1!1" "g" "k2!1")) (("" (ground) (("" (skolem!) (("" (inst?) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_subset2 formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (sum_ge formula-decl nil fsets_sum nil)) 713 640 nil nil)) (sum_subset3 0 (sum_subset3-1 nil 3239135181 3254006457 ("" (skosimp) (("" (use "sum_diff_subset" ("f" "f!1" "A" "A!1" "B" "B!1")) (("" (assert) (("" (use "sum_zero" ("S" "difference(B!1, A!1)")) (("" (ground) (("" (delete -1 -2 2) (("" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((sum_diff_subset formula-decl nil fsets_sum nil) (T formal-type-decl nil fsets_sum nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (set type-eq-decl nil sets nil) (is_finite const-decl "bool" finite_sets nil) (finite_set type-eq-decl nil finite_sets nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (difference const-decl "set" sets nil) (sum_zero formula-decl nil fsets_sum nil) (NOT const-decl "[bool -> bool]" booleans nil) nil nil nil (member const-decl "bool" sets nil)) 919 720 nil nil))) 
$$$tasks_and_jobs.pvs
%-------------------------------------------------------------
%  Tasks and jobs for a system of n tasks
%    task: a natural number below n
%    job:  a pair [task, nat]; sporadic_tasks indexes dispatch
%          and prog by such pairs
%-------------------------------------------------------------
tasks_and_jobs [ n: posnat ] : THEORY

  BEGIN

  % n is a posnat, so 0 is below n and the type is nonempty
  % (task_TCC1 in the .prf section instantiates the witness with 0)
  task: NONEMPTY_TYPE = below(n)

  job: NONEMPTY_TYPE = [task, nat]

  % every set of tasks is a finite set
  set_of_tasks: JUDGEMENT set[task] SUBTYPE_OF finite_set[task]

  END tasks_and_jobs

$$$tasks_and_jobs.prf
(|tasks_and_jobs| (|task_TCC1| "" (INST + "0") (("" (ASSERT) NIL NIL)) NIL)
 (|set_of_tasks| "" (GRIND :IF-MATCH NIL)
  (("" (INST + "n" "lambda (i: (x!1)): i")
    (("" (SKOSIMP) (("" (ASSERT) NIL NIL)) NIL)) NIL))
  NIL))

$$$max_bounded.pvs
%-------------------------------------------------------------------
%  Upper bounds, least upper bounds and maxima for sets over a
%  subtype T of nat.
%
%  NOTE(review): the max_bounded.prf section of this dump records
%  the status `untried` for sup_unique, sup_exists, sup_empty,
%  sup_nonempty, max_prop2, max_subset, max_union, max_intersection1
%  and max_intersection2, `unfinished` for max_prop1, and no status
%  for bounded_union1, bounded_union2 and max_TCC1. Only
%  bounded_inter1 and bounded_inter2 are recorded as `proved`.
%  These are cached status fields, not evidence that the scripts
%  fail; re-run the proofs before relying on this theory as part
%  of a verified import chain.
%-------------------------------------------------------------------
max_bounded[T: TYPE FROM nat] : THEORY

  BEGIN

  x, y: VAR nat

  E: VAR set[T]

  %-------------------------
  %  Bound and bounded set
  %-------------------------

  % bound(E, x): every element of E is <= x
  bound(E, x): bool = FORALL (y: (E)): y <= x

  % sup(E, x): x bounds E and is <= every other natural number that bounds E
  sup(E, x): bool = bound(E, x) AND FORALL y: bound(E, y) IMPLIES x <= y

  sup_unique: LEMMA sup(E, x) AND sup(E, y) IMPLIES x = y

  bounded?(E): bool = EXISTS x: bound(E, x)

  bounded_set: TYPE = { E | bounded?(E) }

  F, F1, F2: VAR bounded_set

  sup_exists: LEMMA EXISTS x: sup(F, x)

  % the least bound of the empty set is 0 (x ranges over nat)
  sup_empty: LEMMA empty?(F) IMPLIES sup(F, 0)

  % for a nonempty bounded set the least bound is an element of the set
  sup_nonempty: LEMMA not empty?(F) IMPLIES EXISTS (x: (F)): sup(F, x)

  %------------------------------------
  %  Maximum element of a bounded set
  %------------------------------------

  % A, B range over nonempty bounded sets
  A, B: VAR { F | not empty?(F) }

  bounded_union1: JUDGEMENT union(F1, F2) HAS_TYPE bounded_set

  bounded_union2: JUDGEMENT union(A, B) HAS_TYPE { F | not empty?(F) }

  % only one of the two arguments has to be bounded
  bounded_inter1: JUDGEMENT intersection(F, E) HAS_TYPE bounded_set

  bounded_inter2: JUDGEMENT intersection(E, F) HAS_TYPE bounded_set

  % max is declared by its type only: max(A) is an element of A that
  % satisfies sup(A, max(A)). The existence obligation is max_TCC1; the
  % script in the .prf section instantiates it with an epsilon term.
  max(A): { (x:(A)) | sup(A, x) }

  max_prop1: LEMMA FORALL (y: (A)): y <= max(A)

  max_prop2: LEMMA max(A) <= x IFF FORALL (y: (A)): y <= x

  max_subset: LEMMA subset?(A, B) IMPLIES max(A) <= max(B)

  % the outer max on the right-hand side takes two numbers, not a set;
  % presumably the binary max of the prelude -- TODO confirm
  max_union: LEMMA max(union(A, B)) = max(max(A), max(B))

  % the intersections may be empty, hence the explicit hypotheses
  max_intersection1: LEMMA not empty?(intersection(A, E))
	IMPLIES max(intersection(A, E)) <= max(A)

  max_intersection2: LEMMA not empty?(intersection(E, B))
	IMPLIES max(intersection(E, B)) <= max(B)

  END max_bounded

$$$max_bounded.prf
(max_bounded
 (sup_unique 0
  (sup_unique-1 nil 3237042679 nil
   (""
(expand "sup") (("" (reduce :if-match all) nil nil)) nil) untried nil nil nil nil nil)) (sup_exists 0 (sup_exists-1 nil 3237042679 nil ("" (lemma "wf_nat") (("" (grind :if-match nil :exclude ("bound")) (("" (delete -1) (("" (inst - "{ n: nat | bound(F!1, n) }") (("" (ground) (("" (skosimp* :preds? t) (("" (inst? +) (("" (assert) (("" (skosimp) (("" (assert) (("" (inst - "y!2") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (sup_empty 0 (sup_empty-1 nil 3237042679 nil ("" (grind) nil nil) untried nil nil nil nil nil)) (sup_nonempty 0 (sup_nonempty-1 nil 3237042679 nil ("" (skosimp) (("" (use "sup_exists") (("" (skolem!) (("" (inst?) (("" (expand* "empty?" "member" "sup" "bound") (("" (skolem!) (("" (flatten) (("" (assert) (("" (inst -2 "x!1 - 1") (("1" (assert) (("1" (skolem!) (("1" (inst - "y!1") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (inst - "x!2") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (bounded_union1 0 (bounded_union1-1 nil 3237042679 nil ("" (grind :if-match nil) (("" (inst + "max(x!1, x!2)") (("" (reduce :if-match nil) (("1" (inst?) (("1" (assert) nil nil)) nil) ("2" (inst? -6) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) nil nil nil nil nil nil)) (bounded_union2 0 (bounded_union2-1 nil 3237042679 nil ("" (grind :exclude ("bounded?")) nil nil) nil nil nil nil nil nil)) (bounded_inter1 0 (bounded_inter1-1 nil 3237042679 3237044247 ("" (grind :if-match nil) (("" (inst + "x!1") (("" (apply (then (skolem-typepred) (inst?) 
(assert))) nil nil)) nil)) nil) proved ((intersection const-decl "set" sets nil) (member const-decl "bool" sets nil) (F!1 skolem-const-decl "bounded_set" max_bounded nil) (E!1 skolem-const-decl "set[T]" max_bounded nil) (y!1 skolem-const-decl "(intersection[T](F!1, E!1))" max_bounded nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (T_pred const-decl "[nat -> boolean]" max_bounded nil) (T formal-subtype-decl nil max_bounded nil) (set type-eq-decl nil sets nil) (bounded_set type-eq-decl nil max_bounded nil) (bounded? const-decl "bool" max_bounded nil) (bound const-decl "bool" max_bounded nil)) 67850 4530 t nil)) (bounded_inter2 0 (bounded_inter2-2 "removed inst! from old proof" 3237044295 3237044295 ("" (grind :if-match nil) (("" (inst + "x!1") (("" (apply (then (skolem-typepred) (inst?) (assert))) nil nil)) nil)) nil) proved nil 41718 2860 t shostak) (bounded_inter2-1 nil 3237042679 nil ("" (grind :if-match nil) (("" (inst + "x!1") (("" (reduce :instantiator inst!) 
nil nil)) nil)) nil) proved ((intersection const-decl "set" sets nil) (member const-decl "bool" sets nil) (F!1 skolem-const-decl "bounded_set" max_bounded nil) (E!1 skolem-const-decl "set[T]" max_bounded nil) (y!1 skolem-const-decl "(intersection[T](E!1, F!1))" max_bounded nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (real_pred const-decl "[number -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (>= const-decl "bool" reals nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (T_pred const-decl "[nat -> boolean]" max_bounded nil) (T formal-subtype-decl nil max_bounded nil) (set type-eq-decl nil sets nil) (bounded_set type-eq-decl nil max_bounded nil) (bounded? const-decl "bool" max_bounded nil) (bound const-decl "bool" max_bounded nil)) nil nil nil nil)) (max_TCC1 0 (max_TCC1-1 nil 3237042679 nil ("" (inst + "lambda A: epsilon! (x: (A)): sup(A, x)") (("1" (skolem-typepred) (("1" (use "epsilon_ax[(A!1)]") (("1" (ground) (("1" (rewrite "sup_nonempty") nil nil)) nil) ("2" (delete -1 3) (("2" (grind) nil nil)) nil)) nil)) nil) ("2" (skolem-typepred) (("2" (delete -) (("2" (grind) nil nil)) nil)) nil)) nil) nil nil nil nil nil nil)) (max_prop1 0 (max_prop1-1 nil 3237042679 3237044167 ("" (skolem!) (("" (typepred "max(A!1)") (("" (grind) nil nil)) nil)) nil) unfinished ((max const-decl "{x: (A) | sup(A, x)}" max_bounded nil) (sup const-decl "bool" max_bounded nil) (empty? const-decl "bool" sets nil) (bounded_set type-eq-decl nil max_bounded nil) (bounded? 
const-decl "bool" max_bounded nil) (set type-eq-decl nil sets nil) (T formal-subtype-decl nil max_bounded nil) (T_pred const-decl "[nat -> boolean]" max_bounded nil) (nat nonempty-type-eq-decl nil naturalnumbers nil) (>= const-decl "bool" reals nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number -> boolean]" reals nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (bound const-decl "bool" max_bounded nil)) 5701 850 t nil)) (max_prop2 0 (max_prop2-1 nil 3237042679 nil ("" (skolem!) (("" (typepred "max(A!1)") (("" (expand* "sup" "bound") (("" (ground) (("1" (skolem!) (("1" (inst - "y!1") (("1" (assert) nil nil)) nil)) nil) ("2" (inst? -5) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (max_subset 0 (max_subset-1 nil 3237042679 nil ("" (skosimp) (("" (rewrite "max_prop2") (("" (grind :if-match nil) (("" (inst?) (("" (assert) (("" (use "max_prop1" ("A" "B!1" "y" "y!1")) nil nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (max_union 0 (max_union-1 nil 3237042679 nil ("" (skolem!) 
(("" (case "max(max(A!1), max(B!1)) <= max(union(A!1, B!1))") (("1" (assert) (("1" (use "max_prop2" ("A" "union(A!1, B!1)" "x" "max(max(A!1), max(B!1))")) (("1" (ground) (("1" (delete -1 2 3) (("1" (grind :exclude "max") (("1" (use "max_prop1" ("A" "A!1" "y" "y!1")) (("1" (assert) nil nil)) nil) ("2" (use "max_prop1" ("A" "B!1" "y" "y!1")) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (delete 2) (("2" (expand "max") (("2" (lift-if) (("2" (ground) (("1" (rewrite "max_subset") (("1" (delete -1 2) (("1" (grind) nil nil)) nil)) nil) ("2" (rewrite "max_subset") (("2" (delete 2 3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (max_intersection1 0 (max_intersection1-1 nil 3237042679 nil ("" (skosimp) (("" (assert) (("" (rewrite "max_subset") (("" (delete 2 3) (("" (grind) nil nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)) (max_intersection2 0 (max_intersection2-1 nil 3237042679 nil ("" (skosimp) (("" (assert) (("" (rewrite "max_subset") (("" (delete 2 3) (("" (grind) nil nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil))) $$$command_adt.pvs %%% ADT file generated from command command_adt: THEORY BEGIN IMPORTING basic_types command: TYPE P?, V?, step?: [command -> boolean] P: [semaphore -> (P?)] request: [(P?) -> semaphore] V: [semaphore -> (V?)] sem: [(V?) -> semaphore] Step: (step?) 
ord(x: command): upto(2) = CASES x OF P(P1_var): 0, V(V1_var): 1, Step: 2 ENDCASES command_P_extensionality: AXIOM FORALL (P?_var: (P?), (P?_var2: (P?))): request(P?_var) = request(P?_var2) IMPLIES P?_var = P?_var2; command_P_eta: AXIOM FORALL (P?_var: (P?)): P(request(P?_var)) = P?_var; command_V_extensionality: AXIOM FORALL (V?_var: (V?), (V?_var2: (V?))): sem(V?_var) = sem(V?_var2) IMPLIES V?_var = V?_var2; command_V_eta: AXIOM FORALL (V?_var: (V?)): V(sem(V?_var)) = V?_var; command_Step_extensionality: AXIOM FORALL (step?_var: (step?), (step?_var2: (step?))): step?_var = step?_var2; command_request_P: AXIOM FORALL (P1_var: semaphore): request(P(P1_var)) = P1_var; command_sem_V: AXIOM FORALL (V1_var: semaphore): sem(V(V1_var)) = V1_var; command_inclusive: AXIOM FORALL (command_var: command): P?(command_var) OR V?(command_var) OR step?(command_var); command_induction: AXIOM FORALL (p: [command -> boolean]): (FORALL (P1_var: semaphore): p(P(P1_var))) AND (FORALL (V1_var: semaphore): p(V(V1_var))) AND p(Step) IMPLIES (FORALL (command_var: command): p(command_var)); subterm(x, y: command): boolean = x = y; <<(x, y: command): boolean = FALSE; command_well_founded: AXIOM well_founded?[command](<<); reduce_nat(P?_fun, V?_fun: [semaphore -> nat], (step?_fun: nat)): [command -> nat] = LAMBDA (command_adtvar: command): CASES command_adtvar OF P(P1_var): P?_fun(P1_var), V(V1_var): V?_fun(V1_var), Step: step?_fun ENDCASES; REDUCE_nat(P?_fun, V?_fun: [[semaphore, command] -> nat], (step?_fun: [command -> nat])): [command -> nat] = LAMBDA (command_adtvar: command): CASES command_adtvar OF P(P1_var): P?_fun(P1_var, command_adtvar), V(V1_var): V?_fun(V1_var, command_adtvar), Step: step?_fun(command_adtvar) ENDCASES; reduce_ordinal(P?_fun, V?_fun: [semaphore -> ordinal], (step?_fun: ordinal)): [command -> ordinal] = LAMBDA (command_adtvar: command): CASES command_adtvar OF P(P1_var): P?_fun(P1_var), V(V1_var): V?_fun(V1_var), Step: step?_fun ENDCASES; REDUCE_ordinal(P?_fun, 
                 V?_fun: [[semaphore, command] -> ordinal],
                 (step?_fun: [command -> ordinal])):
        [command -> ordinal] =
      LAMBDA (command_adtvar: command):
        CASES command_adtvar
          OF P(P1_var): P?_fun(P1_var, command_adtvar),
             V(V1_var): V?_fun(V1_var, command_adtvar),
             Step: step?_fun(command_adtvar)
          ENDCASES;
  END command_adt

command_adt_reduce[range: TYPE]: THEORY
 BEGIN

  IMPORTING basic_types

  IMPORTING command_adt

  reduce(P?_fun, V?_fun: [semaphore -> range], (step?_fun: range)):
        [command -> range] =
      LAMBDA (command_adtvar: command):
        CASES command_adtvar
          OF P(P1_var): P?_fun(P1_var),
             V(V1_var): V?_fun(V1_var),
             Step: step?_fun
          ENDCASES;

  REDUCE(P?_fun, V?_fun: [[semaphore, command] -> range],
         (step?_fun: [command -> range])):
        [command -> range] =
      LAMBDA (command_adtvar: command):
        CASES command_adtvar
          OF P(P1_var): P?_fun(P1_var, command_adtvar),
             V(V1_var): V?_fun(V1_var, command_adtvar),
             Step: step?_fun(command_adtvar)
          ENDCASES;
 END command_adt_reduce

$$$basic_types.pvs
%----------------------------------------------------------------
%  Uninterpreted base types shared by the other theories:
%  priorities, semaphores and the ceiling of each semaphore
%----------------------------------------------------------------
basic_types : THEORY

  BEGIN

  %--------------------
  %  Priority of jobs
  %--------------------

  % priorities are the natural numbers 0 .. maxprio - 1
  maxprio: posnat

  priority: NONEMPTY_TYPE = below(maxprio)

  %--------------------------
  %  Semaphores and ceiling
  %--------------------------

  semaphore: NONEMPTY_TYPE

  % ceil is left uninterpreted here: this theory does not relate the
  % ceiling of a semaphore to the priority of the jobs that lock it.
  % That relation is stated as the good_ceiling assumption of
  % sporadic_tasks (prio(j) <= ceil(s) for every s in resources(prog(j))).
  ceil: [semaphore -> priority]

  rsrc_set: TYPE = set[semaphore]

  END basic_types

$$$basic_types.prf
(|basic_types| (|priority_TCC1| "" (INST + "0") (("" (ASSERT) NIL))))


$$$command.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  commands available to jobs    %
%    P(S): request to lock S     %
%    V(S): request to unlock S   %
%    Step: any other command     %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

command : DATATYPE

  BEGIN

  IMPORTING basic_types

  % request and sem are the accessors returning the semaphore named by
  % a P or a V command; P?, V? and step? are the recognizers
  P(request: semaphore): P?
  V(sem: semaphore): V?
  Step: step?

END command

$$$programs.pvs
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Programs: finite sequences of commands  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

programs : THEORY

  BEGIN

  IMPORTING command, max_bounded

  % length is a posnat, so a program has at least one command;
  % clist gives the command at each index below length
  prog: TYPE = [# length: posnat, clist: [below(length) -> command] #]

  p: VAR prog
  s: VAR semaphore
  n: VAR priority

  %--------------------------------------------
  %  pc(p): type of index for program counter
  %--------------------------------------------

  % upto(length(p)) includes length(p) itself, the index reached
  % once the last command has been executed
  pc(p): NONEMPTY_TYPE = upto(length(p))

  %--------------------------------------------------
  %  complete(p, i): index i points to the end of p
  %  cmd(p, i): command for step i of p
  %--------------------------------------------------

  complete(p, (i: pc(p))): bool = i = length(p)

  % cmd is only defined for indices strictly below length(p)
  cmd(p, (i: below(length(p)))): command = clist(p)(i)

  %---------------------------------------------------
  %  Resources needed by p to perform step i =
  %   all the resources acquired in steps [0..i-1]
  %   and not released
  %---------------------------------------------------

  % needs is a set of semaphores, so acquisitions are not counted:
  % a repeated P(s) leaves s in the set once, one V(s) removes it, and
  % V(s) on a semaphore that is not held leaves the set unchanged.
  % Nothing in this definition rejects such sequences; the only
  % condition on whole programs is well_behaved below.
  needs(p, (i: pc(p))): RECURSIVE rsrc_set =
     IF i=0 THEN emptyset
     ELSE CASES cmd(p, i-1) OF
	    P(s): add(s, needs(p, i-1)),
	    V(s): remove(s, needs(p, i-1)),
	    Step: needs(p, i-1)
	  ENDCASES
     ENDIF
  MEASURE i

  %-------------------------------------------------
  %  Resources used by p:
  %   resources(p, i) = resources used in [0..i-1]
  %   resources(p) = all resources used by p
  %-------------------------------------------------

  % same recursion as needs, except that V(s) does not remove s:
  % the set only grows with i
  resources(p, (i: pc(p))): RECURSIVE rsrc_set =
     IF i=0 THEN emptyset
     ELSE CASES cmd(p, i-1) OF
	    P(s): add(s, resources(p, i-1)),
	    V(s): resources(p, i-1),
	    Step: resources(p, i-1)
	  ENDCASES
     ENDIF
  MEASURE i

  resources(p): rsrc_set = resources(p, length(p))

  %-----------------------------------------
  %  Relations between needs and resources
  %-----------------------------------------

  rsrc_needs1: LEMMA FORALL (i: pc(p)): subset?(needs(p, i), resources(p, i))

  rsrc_needs2: LEMMA FORALL (i, j: pc(p)):
	i <= j IMPLIES subset?(resources(p, i), resources(p, j))

  rsrc_needs3: LEMMA FORALL (i: pc(p)): subset?(resources(p, i), resources(p))

  rsrc_needs4: LEMMA FORALL (i: pc(p)): subset?(needs(p, i), resources(p))

  rsrc_equiv1: LEMMA FORALL (i: pc(p)):
	resources(p, i) = { s | EXISTS (j: pc(p) | j <= i): member(s, needs(p, j)) }

  rsrc_equiv2: LEMMA
	resources(p) = { s | EXISTS (j: pc(p)): member(s, needs(p, j)) }

  % s is used by p exactly when some step of p is the command P(s)
  rsrc_equiv3: LEMMA
	member(s, resources(p)) IFF EXISTS (j: below(length(p))): cmd(p, j) = P(s)


  %%%%%%%%%%%%%%%%%%%%%%%%%%
  %   Critical Sections    %
  %%%%%%%%%%%%%%%%%%%%%%%%%%

  %-------------------------------------------------------------------
  %  well_behaved(p): p releases all its resources on termination
  %  cs(p, i): step i is within a critical section of p
  %  cs(p, i, n): step i is within a critical section of level n
  %     (i.e. between P(s) and V(s) where s has ceiling >= n)
  %-------------------------------------------------------------------

  % well_behaved only constrains the set held at index length(p);
  % sporadic_tasks assumes it for the program of every job
  % (assumption good_programs)
  well_behaved(p): bool = empty?(needs(p, length(p)))

  good_prog: TYPE = (well_behaved)

  cs(p, (i: pc(p))): bool = not empty?(needs(p, i))

  cs(p, (i: pc(p)), n): bool = EXISTS s: member(s, needs(p, i)) AND ceil(s) >= n

  cs_level1: LEMMA FORALL (i: pc(p)): cs(p, i, n) IMPLIES cs(p, i)

  cs_level2: LEMMA FORALL (i: pc(p)): cs(p, i) IFF EXISTS n: cs(p, i, n)

  well_behaved1: LEMMA well_behaved(p) IFF not cs(p, length(p))

  initially_not_cs1: LEMMA NOT cs(p, 0)

  initially_not_cs2: LEMMA NOT cs(p, 0, n)

  cs_exists1: LEMMA
	(EXISTS (i: pc(p)): cs(p, i)) IFF not empty?(resources(p))

  cs_exists2: LEMMA
	(EXISTS (i: pc(p)): cs(p, i, n))
	   IFF EXISTS s: member(s, resources(p)) AND ceil(s) >= n

  %-----------------------------------------------------------------------
  %  critical_section(p, i, j): p[i]...p[j-1] is a critical section
  %  critical_section(p, i, j, n): same thing but at level n
  %-----------------------------------------------------------------------

  % the range is half open: cs must hold at every index k with i <= k < j
  critical_section(p, (i, j: pc(p))): bool =
	i < j AND FORALL (k: pc(p)): i <= k AND k < j IMPLIES cs(p, k)

  critical_section(p, (i, j: pc(p)), n): bool =
	i < j AND FORALL (k: pc(p)): i <= k AND k < j IMPLIES cs(p, k, n)

  % NOTE(review): the scripts for critical_section1 and len_section_level
  % in the programs.prf section name "critical_section_lev", which is not
  % declared in this theory (presumably an earlier name of the level-n
  % overload above). Confirm that both scripts still replay.
  critical_section1: LEMMA FORALL (i, j: pc(p)):
	critical_section(p, i, j, n) IMPLIES critical_section(p, i, j)

  subsection1: LEMMA FORALL (i, j, k, l: pc(p)):
	critical_section(p, i, j) AND i <= k AND k < l AND l <= j
	   IMPLIES critical_section(p, k, l)

  subsection2: LEMMA FORALL (i, j, k, l: pc(p)):
	critical_section(p, i, j, n) AND i <= k AND k < l AND l <= j
	   IMPLIES critical_section(p, k, l, n)

  % strict bound: a critical section cannot start at index 0
  % (initially_not_cs1), which is what the proof script uses
  max_critical_section_length: LEMMA FORALL (i, j: pc(p)):
	critical_section(p, i, j) IMPLIES j - i < length(p)

  %-------------------------------------------
  %  length of the longest critical sections
  %-------------------------------------------

  % len_cs(p): the lengths j - i of all critical sections of p
  len_cs(p): bounded_set[pc(p)] =
	{ a: pc(p) | EXISTS (i, j: pc(p)): critical_section(p, i, j) AND a = j-i }

  % max of max_bounded needs a nonempty set, so a program without
  % critical section gets 0
  max_cs(p): pc(p) =
	IF empty?(len_cs(p)) THEN 0 ELSE max(len_cs(p)) ENDIF

  len_cs(p, n): bounded_set[pc(p)] =
	{ a: pc(p) | EXISTS (i, j: pc(p)): critical_section(p, i, j, n) AND a = j-i }

  % max_cs(p, n) is the quantity that the blocking assumption of
  % sporadic_tasks bounds by B: max_cs(prog(j), p) <= B(p) for every
  % job j of priority below p
  max_cs(p, n): pc(p) =
	IF empty?(len_cs(p, n)) THEN 0 ELSE max(len_cs(p, n)) ENDIF

  len_section_level: LEMMA subset?(len_cs(p, n), len_cs(p))

  max_section_level: LEMMA max_cs(p, n) <= max_cs(p)

  max_cs1: LEMMA FORALL (i, j: pc(p)):
	critical_section(p, i, j) IMPLIES j - i <= max_cs(p)

  max_cs2: LEMMA FORALL (i, j: pc(p)):
	critical_section(p, i, j, n) IMPLIES j - i <= max_cs(p, n)

  % NOTE(review): the well_behaved hypothesis presumably excludes a
  % program that holds a semaphore only at the final index length(p),
  % which no range [i, j) with j <= length(p) covers -- confirm
  no_critical_section: LEMMA
	well_behaved(p) IMPLIES (max_cs(p) = 0 IFF empty?(resources(p)))

  max_cs3: LEMMA max_cs(p) <= length(p) - 1

  no_critical_section_lev: LEMMA
	well_behaved(p) IMPLIES
	   (max_cs(p, n) = 0 IFF (FORALL s: member(s, resources(p)) IMPLIES ceil(s) < n))

  max_cs4: LEMMA max_cs(p, n) <= length(p) - 1

  END programs

$$$programs.prf
(|programs| (|needs_TCC1| "" (SUBTYPE-TCC) NIL NIL)
 (|needs_TCC2| "" (SUBTYPE-TCC) NIL NIL)
 (|needs_TCC3| "" (TERMINATION-TCC) NIL NIL)
 (|needs_TCC4| "" (SUBTYPE-TCC) NIL NIL)
 (|needs_TCC5| "" (TERMINATION-TCC) NIL NIL)
 (|needs_TCC6| "" (SUBTYPE-TCC) NIL NIL)
 (|needs_TCC7| "" (TERMINATION-TCC) NIL NIL)
 (|resources_TCC1| ""
(SUBTYPE-TCC) NIL NIL) (|rsrc_needs1| "" (SKOLEM + ("p!1" _)) (("" (INDUCT-AND-SIMPLIFY "i") NIL NIL)) NIL) (|rsrc_needs2| "" (SKOLEM + ("p!1" "i!1" _)) (("" (INDUCT-AND-SIMPLIFY "j") NIL NIL)) NIL) (|rsrc_needs3| "" (SKOLEM!) (("" (EXPAND "resources" 1 2) (("" (REWRITE "rsrc_needs2") NIL NIL)) NIL)) NIL) (|rsrc_needs4| "" (SKOLEM!) (("" (USE* "rsrc_needs1" "rsrc_needs3") (("" (AUTO-REWRITE "subset?" "member") (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL) (|rsrc_equiv1| "" (SKOLEM + ("p!1" _)) (("" (INDUCT-AND-SIMPLIFY "i" :IF-MATCH NIL) (("1" (APPLY-EXTENSIONALITY :HIDE? T) NIL NIL) ("2" (REPLACE*) (("2" (DELETE -2) (("2" (APPLY-EXTENSIONALITY :HIDE? T) (("2" (REDUCE :IF-MATCH NIL) (("1" (INST + "1 + jt!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST?) NIL NIL) ("3" (CASE-REPLACE "j!1 = 1 + jt!1") (("1" (ASSERT) (("1" (INST?) NIL NIL)) NIL) ("2" (ASSERT) (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (DELETE -1) (("3" (APPLY-EXTENSIONALITY 2 :HIDE? T) (("3" (REDUCE :IF-MATCH NIL) (("1" (INST?) NIL NIL) ("2" (CASE-REPLACE "j!1 = jt!1 + 1") (("1" (SMASH) (("1" (INST?) NIL NIL) ("2" (INST?) NIL NIL)) NIL) ("2" (ASSERT) (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|rsrc_equiv2| "" (SKOLEM!) (("" (EXPAND "resources") (("" (REWRITE "rsrc_equiv1") (("" (APPLY-EXTENSIONALITY :HIDE? T) (("" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|rsrc_equiv3| "" (EXPAND "resources") (("" (SKOLEM!) (("" (CASE "FORALL (i: pc(p!1)): member(s!1, resources(p!1, i)) IFF EXISTS (j: pc(p!1)): j < i AND cmd(p!1, j) = P(s!1)") (("1" (INST?) (("1" (REPLACE*) (("1" (DELETE -) (("1" (APPLY (THEN (PROP) (SKOSIMP) (INST?) 
(ASSERT))) NIL NIL)) NIL)) NIL)) NIL) ("2" (DELETE 2) (("2" (APPLY (THEN (INDUCT-AND-SIMPLIFY$ "i" :IF-MATCH NIL) (REPEAT* (INST?)) (ASSERT))) (("1" (DELETE 2) (("1" (REWRITE "command_P_extensionality") NIL NIL)) NIL) ("2" (CASE-REPLACE "j!1 = jt!1") (("1" (REPLACE*) (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|cs_level1| "" (GRIND) NIL NIL) (|cs_level2| "" (GRIND :EXCLUDE "resources" :IF-MATCH NIL) (("1" (INST?) NIL NIL) ("2" (INST + "ceil(x!1)") (("2" (INST + "x!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|well_behaved1| "" (GRIND :EXCLUDE ("empty?" "resources")) NIL NIL) (|initially_not_cs1_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|initially_not_cs1| "" (GRIND) NIL NIL) (|initially_not_cs2| "" (GRIND) NIL NIL) (|cs_exists1| "" (SKOLEM!) (("" (REWRITE "rsrc_equiv2") (("" (GRIND :EXCLUDE ("needs")) NIL NIL)) NIL)) NIL) (|cs_exists2| "" (SKOLEM!) (("" (REWRITE "rsrc_equiv2") (("" (GRIND :EXCLUDE ("needs") :IF-MATCH NIL) (("1" (INST?) (("1" (ASSERT) (("1" (INST?) NIL NIL)) NIL)) NIL) ("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|critical_section1| "" (AUTO-REWRITE "critical_section_lev" "critical_section" "cs_level2") (("" (REDUCE :IF-MATCH NIL) (("" (INST - "k!1") (("" (INST? +) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|subsection1| "" (APPLY (THEN (EXPAND "critical_section") (REPEAT* (THEN (SKOSIMP) (ASSERT))) (INST?) (ASSERT))) NIL NIL) (|subsection2| "" (APPLY (THEN (EXPAND "critical_section") (REPEAT* (THEN (SKOSIMP) (ASSERT))) (INST?) (ASSERT))) NIL NIL) (|max_critical_section_length| "" (EXPAND "critical_section") (("" (SKOSIMP) (("" (ASSERT) (("" (INST - "i!1") (("" (ASSERT) (("" (USE "initially_not_cs1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|len_cs_TCC1| "" (GRIND :EXCLUDE "critical_section" :IF-MATCH NIL) (("" (INST + "length(p!1)") (("" (SKOLEM!) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|len_cs_TCC2| "" (EXPAND* "bounded?" 
"bound") (("" (SKOLEM!) (("" (INST + "length(p!1)") (("" (SKOLEM!) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|len_section_level| "" (GRIND :EXCLUDE ("critical_section" "critical_section_lev") :IF-MATCH NIL) (("" (FORWARD-CHAIN "critical_section1") (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) (|max_section_level| "" (SKOLEM!) (("" (USE "len_section_level") (("" (EXPAND "max_cs") (("" (SMASH) (("1" (DELETE 2) (("1" (APPLY (THEN (GRIND :EXCLUDE ("len_cs") :IF-MATCH NIL) (INST?) (INST?) (ASSERT))) NIL NIL)) NIL) ("2" (REWRITE "max_subset") NIL NIL)) NIL)) NIL)) NIL)) NIL) (|max_cs1| "" (SKOSIMP) (("" (EXPAND "max_cs") (("" (SMASH) (("1" (GRIND :EXCLUDE ("critical_section") :IF-MATCH NIL) (("1" (INST - "j!1 - i!1") (("1" (INST?) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (REWRITE "max_prop1") (("2" (DELETE 2 3) (("2" (FORWARD-CHAIN "max_critical_section_length") (("2" (ASSERT) (("2" (EXPAND "len_cs") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|max_cs2| "" (SKOSIMP) (("" (EXPAND "max_cs") (("" (SMASH) (("1" (GRIND :EXCLUDE ("critical_section") :IF-MATCH NIL) (("1" (INST - "j!1 - i!1") (("1" (INST?) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (REWRITE "max_prop1") (("2" (DELETE 2 3) (("2" (FORWARD-CHAIN "critical_section1") (("2" (FORWARD-CHAIN "max_critical_section_length") (("2" (ASSERT) (("2" (EXPAND "len_cs") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|no_critical_section| "" (SKOSIMP) (("" (EXPAND "max_cs") (("" (REWRITE "well_behaved1") (("" (USE "cs_exists1") (("" (CASE "empty?(len_cs(p!1))") (("1" (SMASH) (("1" (DELETE -3 1) (("1" (GRIND :EXCLUDE ("cs") :IF-MATCH NIL) (("1" (INST - "1") (("1" (INST + "i!1" "i!1+1") (("1" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SMASH) (("1" (CASE "1 <= max(len_cs(p!1))") (("1" (ASSERT) NIL NIL) ("2" (SKOLEM!) 
(("2" (AUTO-REWRITE "len_cs" "critical_section") (("2" (REWRITE "max_prop1") (("2" (INST + "i!1" "i!1 + 1") (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (DELETE -1 4) (("2" (GRIND :EXCLUDE ("cs") :IF-MATCH NIL) (("2" (INST + "i!1") (("2" (INST? -) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|max_cs3| "" (SKOSIMP) (("" (EXPAND "max_cs") (("" (SMASH) (("" (REWRITE "max_prop2") (("" (SKOLEM-TYPEPRED) (("" (EXPAND "len_cs" -) (("" (SKOSIMP) (("" (FORWARD-CHAIN "max_critical_section_length") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|no_critical_section_lev| "" (SKOSIMP) (("" (REWRITE "well_behaved1") (("" (USE "cs_level1") (("" (ASSERT) (("" (DELETE 2) (("" (EXPAND "max_cs") (("" (CASE "empty?(len_cs(p!1, n!1))") (("1" (SMASH) (("1" (USE "cs_exists2") (("1" (GROUND) (("1" (DELETE -2 -4 2) (("1" (GRIND :EXCLUDE ("cs") :IF-MATCH NIL) (("1" (INST - "1") (("1" (INST + "i!1" "i!1+1") (("1" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (DELETE -1 -2 2 3) (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SMASH) (("1" (USE "cs_exists2") (("1" (GROUND) (("1" (DELETE -2 3) (("1" (CASE "1 <= max(len_cs(p!1, n!1))") (("1" (ASSERT) NIL NIL) ("2" (AUTO-REWRITE "len_cs" "critical_section") (("2" (REWRITE "max_prop1") (("2" (SKOLEM!) 
(("2" (ASSERT) (("2" (INST + "i!1" "i!1+1") (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (DELETE -1 2 3 4) (("2" (REDUCE) NIL NIL)) NIL)) NIL)) NIL) ("2" (USE "cs_exists2") (("2" (GROUND) (("1" (DELETE -1 1 2 3) (("1" (REDUCE) NIL NIL)) NIL) ("2" (DELETE -1 1 5) (("2" (GRIND :EXCLUDE ("cs") :IF-MATCH NIL) (("2" (INST + "i!1") (("2" (INST - "i!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|max_cs4| "" (SKOSIMP) (("" (EXPAND "max_cs") (("" (SMASH) (("" (REWRITE "max_prop2") (("" (SKOLEM-TYPEPRED) (("" (EXPAND "len_cs" -) (("" (SKOSIMP) (("" (FORWARD-CHAIN "critical_section1") (("" (FORWARD-CHAIN "max_critical_section_length") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))