| Obligations | Alt-Ergo 2.3.0 | CVC4 1.7 | Z3 4.8.4 |
| nombre_boursiers_snoc | 0.05 | --- | --- |
| VC for ordre_appel_valide | --- | 0.17 | --- |
| VC for taux_b_est_contraignant_f | 0.02 | --- | --- |
| VC for meilleur_candidat_est_b | 0.02 | --- | --- |
| VC for creer_ordre_appel_valide | --- | --- | --- |
| split_vc | | | |
| taux b ok | 0.01 | --- | --- |
| nb voeux positif | 0.02 | --- | --- |
| b seulement | 0.01 | --- | --- |
| nb seulement | 0.01 | --- | --- |
| b triés | 0.02 | --- | --- |
| nb triés | 0.02 | --- | --- |
| nb v ok | 0.02 | --- | --- |
| reste b taux ok | 0.02 | --- | --- |
| s'il n'y a plus de boursiers, on les a tous appelés | 0.04 | --- | --- |
| s'il y a tous les boursiers dans un préfixe, il n'en reste plus à appeler | 0.05 | --- | --- |
| nb b appeles correct | 0.03 | --- | --- |
| total nb b constant | 0.03 | --- | --- |
| taux ok or no more b | 0.02 | --- | --- |
| all taken on prefix imply no b left | 0.02 | --- | --- |
| no b left eq all taken | 0.01 | --- | --- |
| taux ok or all taken | 0.04 | --- | --- |
| precondition | 0.01 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.03 | --- | --- |
| precondition | 0.03 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.02 | --- | --- |
| VC for t_ok | 0.02 | --- | --- |
| VC for t_okb | 0.06 | --- | --- |
| VC for choisir_boursier | --- | --- | --- |
| split_vc | | | |
| precondition | 0.18 | --- | --- |
| precondition | 0.01 | --- | --- |
| taux b ok (type invariant) | 0.02 | --- | --- |
| nb voeux positif (type invariant) | 0.02 | --- | --- |
| b seulement (type invariant) | 0.40 | --- | --- |
| nb seulement (type invariant) | 0.02 | --- | --- |
| b triés (type invariant) | 0.05 | --- | --- |
| nb triés (type invariant) | 0.02 | --- | --- |
| nb v ok (type invariant) | 0.08 | --- | --- |
| reste b taux ok (type invariant) | 0.04 | --- | --- |
| s'il n'y a plus de boursiers, on les a tous appelés (type invariant) | 0.12 | --- | --- |
| s'il y a tous les boursiers dans un préfixe, il n'en reste plus à appeler (type invariant) | 0.29 | --- | --- |
| nb b appeles correct (type invariant) | 0.14 | --- | --- |
| total nb b constant (type invariant) | 0.06 | --- | --- |
| taux ok or no more b (type invariant) | 0.02 | --- | --- |
| all taken on prefix imply no b left (type invariant) | 0.02 | --- | --- |
| no b left eq all taken (type invariant) | 0.02 | --- | --- |
| type invariant | 0.38 | --- | --- |
| type invariant | 0.52 | --- | --- |
| type invariant | 0.02 | --- | --- |
| type invariant | 0.38 | --- | --- |
| type invariant | --- | --- | 0.40 |
| type invariant | --- | --- | --- |
| case (i < length1 (seq oa_ordre_appel) - 1) | | | |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt candidat (seq oa_ordre_appel)[length1 (seq oa_ordre_appel) -1]'') | | | |
| asserted formula | 0.27 | --- | --- |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt (seq (boursiers oa1))[0]'' (seq (boursiers oa1))[1]'') | | | |
| asserted formula | --- | --- | 0.11 |
| true case (type invariant) | 0.11 | --- | --- |
| false case (type invariant) | --- | 0.87 | --- |
| type invariant | 0.34 | --- | --- |
| type invariant | --- | --- | --- |
| case (i < length1 (seq oa_ordre_appel) - 1) | | | |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt candidat (seq (boursiers oa1))[0]'') | | | |
| asserted formula | 0.35 | --- | --- |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt (seq (boursiers oa1))[0]'' (seq (boursiers oa1))[1]'') | | | |
| asserted formula | --- | --- | 0.10 |
| true case (type invariant) | 0.08 | --- | --- |
| false case (type invariant) | --- | 1.09 | --- |
| type invariant | --- | --- | --- |
| case (i < length1 (seq oa_ordre_appel) - 1) | | | |
| true case (type invariant) | 0.07 | --- | --- |
| false case (type invariant) | 0.61 | --- | --- |
| type invariant | 0.46 | --- | --- |
| type invariant | 0.32 | --- | --- |
| type invariant | 0.51 | --- | --- |
| type invariant | 0.66 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.03 | --- | --- |
| VC for t_oknb | 0.06 | --- | --- |
| VC for choisir_non_boursier | --- | --- | --- |
| split_vc | | | |
| precondition | 0.11 | --- | --- |
| precondition | 0.02 | --- | --- |
| taux b ok (type invariant) | 0.02 | --- | --- |
| nb voeux positif (type invariant) | 0.02 | --- | --- |
| b seulement (type invariant) | 0.02 | --- | --- |
| nb seulement (type invariant) | --- | 0.25 | --- |
| b triés (type invariant) | 0.02 | --- | --- |
| nb triés (type invariant) | 0.04 | --- | --- |
| nb v ok (type invariant) | 0.07 | --- | --- |
| reste b taux ok (type invariant) | 0.03 | --- | --- |
| s'il n'y a plus de boursiers, on les a tous appelés (type invariant) | 0.34 | --- | --- |
| s'il y a tous les boursiers dans un préfixe, il n'en reste plus à appeler (type invariant) | 0.26 | --- | --- |
| nb b appeles correct (type invariant) | 0.13 | --- | --- |
| total nb b constant (type invariant) | 0.02 | --- | --- |
| taux ok or no more b (type invariant) | 0.02 | --- | --- |
| all taken on prefix imply no b left (type invariant) | 0.02 | --- | --- |
| no b left eq all taken (type invariant) | 0.02 | --- | --- |
| type invariant | 0.73 | --- | --- |
| type invariant | 0.02 | --- | --- |
| type invariant | 0.24 | --- | --- |
| type invariant | 0.14 | --- | --- |
| type invariant | 0.53 | --- | --- |
| type invariant | 0.21 | --- | --- |
| type invariant | --- | --- | --- |
| case (i < length1 (seq oa_ordre_appel) - 1) | | | |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt candidat (seq oa_ordre_appel)[length1 (seq oa_ordre_appel) -1]'') | | | |
| asserted formula | 0.10 | --- | --- |
| true case (type invariant) | --- | --- | --- |
| assert (voeu_lt (seq (non_boursiers oa1))[0]'' (seq (non_boursiers oa1))[1]'')
| | | |
| asserted formula | --- | --- | 0.10 |
| true case (type invariant) | 0.11 | --- | --- |
| false case (type invariant) | --- | 1.04 | --- |
| type invariant | 0.07 | --- | --- |
| type invariant | 1.55 | --- | --- |
| type invariant | 0.21 | --- | --- |
| type invariant | 0.25 | --- | --- |
| type invariant | 0.22 | --- | --- |
| type invariant | 0.20 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.03 | --- | --- |
| postcondition | 0.02 | --- | --- |
| nb_b_last | 1.98 | --- | --- |
| VC for propriete5 | --- | --- | --- |
| split_vc | | | |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| assertion | 0.67 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | --- | --- | --- |
| case (k < i) | | | |
| true case (assertion) | --- | --- | --- |
| assert (inv p @ k = k) | | | |
| asserted formula | --- | --- | --- |
| assert (s[k]'' = cl[k]'') | | | |
| asserted formula | 0.13 | --- | --- |
| asserted formula | --- | --- | --- |
| assert (cl[inv p @ k]'' = s[k]'') | | | |
| asserted formula | 0.26 | --- | --- |
| asserted formula | --- | --- | --- |
| assert (k <> inv p @ k -> rang_distinct cl[k]'' cl[inv p @ k]'') | | | |
| asserted formula | 2.16 | --- | --- |
| asserted formula | 0.05 | --- | --- |
| true case (assertion) | 0.13 | --- | --- |
| false case (assertion) | 0.16 | --- | --- |
| assertion | 0.13 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.14 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.11 | --- | --- |
| assertion | 0.01 | --- | --- |
| assertion | 0.27 | --- | --- |
| assertion | 0.40 | --- | --- |
| assertion | 0.27 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.07 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.15 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.16 | --- | --- |
| assertion | 0.07 | --- | --- |
| assertion | 0.14 | --- | --- |
| unreachable point | 0.02 | --- | --- |
| assertion | 0.06 | --- | --- |
| assertion | --- | 0.81 | --- |
| assertion | 0.04 | --- | --- |
| assertion | 4.79 | --- | --- |
| postcondition | 0.87 | --- | --- |
| VC for oav_imp_p2_aux | --- | --- | --- |
| split_vc | | | |
| assertion | 0.02 | --- | --- |
| assertion | 0.06 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.30 | --- | --- |
| unreachable point | --- | --- | --- |
| introduce_exists | | | |
| unreachable point | --- | --- | --- |
| assert ((seq s)[i1]''.rang = (seq s)[i2]''.rang) | | | |
| asserted formula | 0.04 | --- | --- |
| unreachable point | --- | --- | --- |
| unfold rang_distincts in Assert | | | |
| unreachable point | --- | --- | --- |
| unfold seq_forall_two in Assert | | | |
| unreachable point | --- | --- | --- |
| assert (forall i3:int, j:int.
0 <= i3 /\ i3 < j /\ j < length1 (seq s)[..i + 1] ->
(((fun (y0:voeu) (y1:voeu) -> rang_distinct y0 y1)
@ (seq s)[..i + 1][i3]'')
@ (seq s)[..i + 1][j]'')) | | | |
| asserted formula | 0.02 | --- | --- |
| unreachable point | --- | --- | --- |
| instantiate h i1 | | | |
| unreachable point | --- | --- | --- |
| instantiate Hinst i2 | | | |
| unreachable point | 0.30 | --- | --- |
| assertion | 0.02 | --- | --- |
| postcondition | 0.02 | --- | --- |
| VC for oav_imp_p2 | 0.03 | --- | --- |
| VC for oav_imp_p3a_aux | --- | --- | --- |
| split_vc | | | |
| assertion | 0.02 | --- | --- |
| assertion | 0.30 | --- | --- |
| precondition | --- | --- | 0.18 |
| precondition | --- | --- | --- |
| compute_specified | | | |
| precondition | 1.86 | --- | --- |
| unreachable point | --- | --- | --- |
| introduce_exists | | | |
| unreachable point | --- | --- | --- |
| assert (forall i3:int, j:int.
0 <= i3 /\ i3 < j /\ j < length1 subs ->
(((fun (y0:voeu) (y1:voeu) -> rang_distinct y0 y1) @ subs[i3]'')
@ subs[j]'')) | | | |
| asserted formula | 0.06 | --- | --- |
| unreachable point | --- | --- | --- |
| instantiate h i1 | | | |
| unreachable point | --- | --- | --- |
| instantiate Hinst i2 | | | |
| unreachable point | 0.10 | --- | --- |
| assertion | 1.10 | --- | --- |
| postcondition | 0.02 | --- | --- |
| VC for oav_imp_p3a | 0.03 | --- | --- |
| VC for p3b_aux | --- | --- | --- |
| split_vc | | | |
| loop invariant init | 0.08 | --- | --- |
| loop invariant init | 0.02 | --- | --- |
| loop invariant init | --- | --- | --- |
| split_vc | | | |
| loop invariant init | 0.03 | --- | --- |
| assert (rang c <= i + 1) | | | |
| asserted formula | --- | --- | --- |
| split_vc | | | |
| asserted formula | 0.02 | --- | --- |
| loop invariant init | 0.02 | --- | --- |
| assertion | --- | 0.47 | --- |
| assertion | --- | 0.44 | --- |
| loop invariant preservation | --- | --- | --- |
| split_vc | | | |
| loop invariant preservation | --- | --- | --- |
| rewrite numof_split with j | | | |
| loop invariant preservation | --- | 0.86 | --- |
| rewrite premises | 0.15 | --- | --- |
| loop invariant preservation | --- | --- | --- |
| rewrite numof_split with j | | | |
| loop invariant preservation | --- | 0.95 | --- |
| rewrite premises | 0.09 | --- | --- |
| loop invariant preservation | 0.03 | --- | --- |
| loop invariant preservation | Timeout (1s) | Timeout (1s) | Timeout (1s) |
| split_vc | | | |
| loop invariant preservation | Timeout (1s) | Timeout (1s) | Timeout (1s) |
| loop invariant preservation | --- | --- | --- |
| split_vc | | | |
| loop invariant preservation | --- | --- | --- |
| rewrite numof_split with j | | | |
| loop invariant preservation | --- | 0.96 | --- |
| rewrite premises | 0.15 | --- | --- |
| loop invariant preservation | --- | --- | --- |
| rewrite numof_split with j | | | |
| loop invariant preservation | --- | 0.97 | --- |
| rewrite premises | 0.06 | --- | --- |
| loop invariant preservation | 0.03 | --- | --- |
| loop invariant preservation | --- | --- | --- |
| split_vc | | | |
| loop invariant preservation | 0.03 | --- | --- |
| postcondition | 0.02 | --- | --- |
| postcondition | --- | --- | --- |
| split_vc | | | |
| postcondition | 0.03 | --- | --- |
| out of loop bounds | --- | --- | --- |
| split_vc | | | |
| postcondition | 0.02 | --- | --- |
| postcondition | 0.02 | --- | --- |
| postcondition | 0.02 | --- | --- |
| postcondition | --- | --- | --- |
| split_vc | | | |
| postcondition | 0.01 | --- | --- |
| VC for p3b | Timeout (1s) | Timeout (1s) | Timeout (1s) |
| VC for mk_ordre_appel | --- | --- | --- |
| split_vc | | | |
| req - b only | 0.01 | --- | --- |
| req - nb only | 0.02 | --- | --- |
| req - valid t | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| b triés | 0.02 | --- | --- |
| b triés | 0.01 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.15 | --- | --- |
| loop invariant init | 0.03 | --- | --- |
| req - b nonempty | 0.03 | --- | --- |
| req - OK to choose b | 0.02 | --- | --- |
| loop variant decrease | 0.03 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.39 | --- | --- |
| loop invariant preservation | 0.39 | --- | --- |
| req - b nonempty | 0.03 | --- | --- |
| req - OK to choose b | 0.02 | --- | --- |
| loop variant decrease | 0.03 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.41 | --- | --- |
| loop invariant preservation | 0.43 | --- | --- |
| req - nb nonempty | 0.03 | --- | --- |
| req - OK to choose nb | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| loop variant decrease | 0.14 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.38 | --- | --- |
| loop invariant preservation | 1.95 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.76 | --- | --- |
| req - b nonempty | 0.03 | --- | --- |
| req - OK to choose b | 0.02 | --- | --- |
| loop variant decrease | 0.03 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.67 | --- | --- |
| loop invariant preservation | 0.42 | --- | --- |
| assertion | 0.02 | --- | --- |
| req - nb nonempty | 0.03 | --- | --- |
| req - OK to choose nb | 0.02 | --- | --- |
| precondition | 0.03 | --- | --- |
| loop variant decrease | 0.03 | --- | --- |
| dummy | 0.02 | --- | --- |
| inv_permut | 0.47 | --- | --- |
| loop invariant preservation | 0.36 | --- | --- |
| assertion | 0.35 | --- | --- |
| assertion | 0.05 | --- | --- |
| assertion | 0.03 | --- | --- |
| ens - permut | 0.31 | --- | --- |
| ens - prop1 | 0.02 | --- | --- |
| postcondition | 0.08 | --- | --- |
| postcondition | 0.08 | --- | --- |
| postcondition | 0.03 | --- | --- |
| VC for algo1 | --- | --- | --- |
| split_vc | | | |
| assertion | 0.03 | --- | --- |
| assertion | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.02 | --- | --- |
| assertion | 0.04 | --- | --- |
| assertion | 0.04 | --- | --- |
| assertion | 0.15 | --- | --- |
| req - valid taux | 0.03 | --- | --- |
| req - b only | 0.02 | --- | --- |
| req - nb only | 0.02 | --- | --- |
| req - b sorted | 0.02 | --- | --- |
| req - b sorted | 0.02 | --- | --- |
| precondition | 0.01 | --- | --- |
| precondition | 0.02 | --- | --- |
| precondition | 0.02 | --- | --- |
| ens_permut | 0.03 | --- | --- |
| ens_prop1 | 0.02 | --- | --- |
| postcondition | 0.02 | --- | --- |
| postcondition | 0.02 | --- | --- |