%% PVS Version 4.0 - CMU Common Lisp 19d (19D) %% 19d (19D)
$$$PVSHOME/.pvsemacs
$$$SensorLock.pvs
% Theory SensorLock: compares a sampled lock function, SenLock_SRS, with the
% lock field of a state record produced by ELOCK, at the sample instants
% Sample(n). SRS/SDD presumably name the requirements and design views -- confirm.
%
% NOTE(review): this copy of the theory is damaged. Several spans are missing
% (it looks as if text between a '<' and a later '>' was dropped), so the
% formal-parameter list, the start of SenLock_SRS, part of ElockUpdate, the
% ELOCK definition and one formula name are not present. The proof section of
% this dump still records the formals as
%   TL, TR : {t: time | t < K}
%   delta_t: {tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}
%   delta_L, delta_R: time
% Restore the .pvs text from the original file before re-running any proof;
% the theory below will not typecheck as shown.
SensorLock [K:posreal, (IMPORTING Clocks[K]) TL,TR:{t:time|t
% NOTE(review): text lost here -- rest of the formals, the theory body up to
% and including the head of what appears to be SenLock_SRS, and the guard of
% the branch whose result is the `true` on the next line.
true,
% Remaining branches, all for "sensor not held for ldelay at sample n":
%   reset asserted, sensor still set   -> keep the value from sample n-1
%   reset asserted, sensor clear       -> false
%   reset not asserted                 -> keep the value from sample n-1
% So once the value is true, only a reset taken while the sensor is clear
% brings it back to false in these branches.
NOT Held_For_I(sensor,ldelay,Sample)(n) AND reset(Sample(n)) AND sensor(Sample(n))->SenLock_SRS(sensor,reset,ldelay)(n-1),
NOT Held_For_I(sensor,ldelay,Sample)(n) AND reset(Sample(n)) AND NOT sensor(Sample(n))-> false,
NOT Held_For_I(sensor,ldelay,Sample)(n) AND NOT reset(Sample(n)) ->SenLock_SRS(sensor,reset,ldelay)(n-1)
ENDCOND
ENDIF
% Recursion is on the sample index n (calls above use n-1).
MEASURE n

% SDD - Original version of SenLock_SDD Function
% Lock_State declares three values; only Good and lock are produced by the
% branches of ElockUpdate that are visible below.
% NOTE(review): confirm whether Bad is reachable anywhere in the full theory.
Lock_State: TYPE = {Good, Bad, lock}
% State record: Elock is the lock value, lLockDly a tick-valued field
% (presumably the time the sensor has been set so far -- confirm against ELOCK).
SDD_State: TYPE = [# Elock: Lock_State, lLockDly: tick #]
S:VAR SDD_State
sensor_now, reset_now:VAR bool

% ElockUpdate: next lock value from the current sensor/reset readings, the
% previous state S, the delay ldelay and the elapsed step.
%   sensor clear, previously lock, reset set   -> Good
%   sensor clear, previously lock, reset clear -> lock (stays locked)
%   sensor clear, previously not lock          -> Good
%   sensor set, lLockDly(S)+step >= ldelay     -> lock
%   sensor set, remaining case                 -> Elock(S) (unchanged)
% The live guards add `step` to lLockDly(S); the commented-out guards next to
% them are the earlier form without `step`.
ElockUpdate(sensor_now,reset_now, S, ldelay,step):Lock_State =
COND
NOT sensor_now AND Elock (S)=lock AND reset_now -> Good,
NOT sensor_now AND Elock(S)=lock AND NOT reset_now -> lock,
NOT sensor_now AND NOT Elock(S)=lock -> Good,
% NOTE(review): the comparison and arrow are missing from the next two lines
% in this copy (compare the intact `>=ldelay ->` pair that follows) -- restore
% them from the original file rather than guessing.
%sensor_now AND lLockDly(S)
sensor_now AND lLockDly(S)+step Elock(S),
%sensor_now AND lLockDly(S)>=ldelay ->
sensor_now AND lLockDly(S)+step>=ldelay -> lock
ENDCOND

% Commented-out recursive variant SenLock_FASTSDD; PVS does not check it.
% Its text is cut off part-way through the last ELSIF below.
% SenLock_FASTSDD(sensor,reset,ldelay)(t): RECURSIVE SDD_State=
% IF init(t) THEN
% IF NOT sensor(t) THEN
% (# Elock:= lock, lLockDly:= 0 #)
% ELSE
% (# Elock:= lock, lLockDly:= next(0) #)
% ENDIF
% ELSIF NOT sensor(t) THEN
% IF Elock(SenLock_FASTSDD(sensor,reset,ldelay)(pre(t)))=lock THEN
% IF reset(t) THEN
% (# Elock:= Good, lLockDly:= 0 #)
% ELSE
% (# Elock:= lock, lLockDly:= 0 #)
% ENDIF
% ELSE
% (# Elock:= Good, lLockDly:= 0 #)
% ENDIF
% ELSIF lLockDly(SenLock_FASTSDD(sensor,reset,ldelay)(pre(t)))
% NOTE(review): text lost here -- the rest of SenLock_FASTSDD, the definition
% of ELOCK (used below but not defined anywhere in this copy) and the name
% and opening of the formula whose tail follows.
% Visible tail: under the timing premises, for n > 0, "delay field at n-1 plus
% the sample interval reaches ldelay-delta_L while the sensor is set" holds
% exactly when Held_For_I holds at n.
delta_L AND ldelay > delta_R AND ldelay - delta_L > K + TR) IMPLIES
FORALL(n|n>0):
lLockDly(ELOCK(sensor,reset,ldelay-delta_L)(n-1))+Sample(n)-Sample(n-1)>=ldelay-delta_L AND sensor(Sample(n)) IFF
Held_For_I(sensor,ldelay,Sample)(n)

% SensorLock_Block: at every sample n, SenLock_SRS with delay ldelay equals
% "the Elock field of ELOCK is lock", where ELOCK is run with the shortened
% delay ldelay-delta_L. The equality is stated only under the three premises
% ldelay > delta_L, ldelay > delta_R and ldelay - delta_L > K + TR; parameter
% choices outside them are not covered by this theorem. delta_R occurs in the
% premises but not in the conclusion.
% NOTE(review): confirm this theorem's proof status in the .prf section before
% relying on it.
SensorLock_Block: THEOREM
%SenLock_SRS(sensor,reset,ldelay)(t) = lock?(Elock(ELOCK(sensor,reset,ldelay)(t)))
(ldelay>delta_L AND ldelay > delta_R AND ldelay -
delta_L > K + TR) IMPLIES
SenLock_SRS(sensor,reset,ldelay)(n) = lock?(Elock(ELOCK(sensor,reset,ldelay-delta_L)(n)))

% The two formulas below are commented out, so PVS does not check them: the
% two-sided tolerance statement (ldelay+delta_R / ldelay-delta_L) and the
% equality between SenLock_FASTSDD and ELOCK are not established by this theory.
%SensorLock_Block1: THEOREM
%SenLock_SRS(sensor,reset,ldelay+delta_R)(n) IMPLIES lock?(Elock(ELOCK(sensor,reset,ldelay)(t))) AND
%NOT SenLock_SRS(sensor,reset,ldelay-delta_L)(Sample(n)) IMPLIES NOT lock?(Elock(ELOCK(sensor,reset,ldelay)(n)))
%PERFORMANCE: THEOREM
%SenLock_FASTSDD(sensor,reset,ldelay)(t)=ELOCK(sensor,reset,ldelay)(t)
END SensorLock
$$$SensorLock.prf
(|SensorLock| (|Sample_TCC1| 0 (|Sample_TCC1-1| NIL 3399844196 3403454897 ("" (GRIND) (("" (INST 1 "lambda(n:nat):n*ceiling((K-TL)/delta_t)*delta_t") (("1" (SPLIT) (("1" (GRIND) (("1" (TYPEPRED "ceiling((K - TL) / delta_t)") (("1" (TYPEPRED "delta_t") (("1" (GRIND) (("1" (CASE "ceiling((K - TL) / delta_t) * delta_t=0") (("1" (GRIND) NIL NIL) ("2" (GRIND) (("2" (HIDE 2) (("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "K-TL" "1/delta_t") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST 1 "ceiling((K - TL) / delta_t) * n!1") (("1" (ASSERT) NIL NIL) ("2" (GRIND) (("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "ceiling((K - TL) / delta_t)" "n!1") (("2" (HIDE 2) (("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "K-TL" "1/delta_t") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (GRIND) (("2" (CASE "(K - TL) / delta_t>=0") (("1" (TYPEPRED "ceiling((K - TL) / delta_t)") (("1" (GRIND) (("1" (GRIND) (("1" (HIDE -1 -2 -3) (("1" (LEMMA "nonneg_real_mult_closed") (("1" (INST -1 "ceiling((K - TL) / delta_t)" "delta_t*n!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "K - TL" "1/delta_t") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|div_cancel2| FORMULA-DECL NIL |real_props| NIL) (|div_mult_pos_le1| FORMULA-DECL NIL |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT
"(strict_total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|both_sides_times_pos_lt1| FORMULA-DECL NIL |real_props| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |SensorLock| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|posreal_div_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nonneg_real_mult_closed| FORMULA-DECL NIL |real_types| NIL) (|mult_divides2| APPLICATION-JUDGEMENT "(divides(m))" |divides| NIL) (|mult_divides1| APPLICATION-JUDGEMENT "(divides(n))" |divides| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|ceiling| CONST-DECL "{i | x <= i & i < x + 1}" |floor_ceil| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) 
(|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 38792 743 T NIL)) (|SenLock_SRS_TCC1| 0 (|SenLock_SRS_TCC1-1| NIL 3399844196 3403454176 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") 
(("" (SKOSIMP) (("" (INST 3 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL 
|Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 49 48 T NIL)) (|SenLock_SRS_TCC2| 0 (|SenLock_SRS_TCC2-1| NIL 3399844196 3403454176 ("" (TERMINATION-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ 
CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 12 11 NIL NIL)) (|SenLock_SRS_TCC3| 0 (|SenLock_SRS_TCC3-1| NIL 3399844196 3403454176 ("" (COND-DISJOINT-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL 
|real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL)) 22 22 NIL NIL)) (|SenLock_SRS_TCC4| 0 (|SenLock_SRS_TCC4-1| NIL 3399844196 3403454176 ("" (COND-COVERAGE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR 
FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 24 24 NIL NIL)) (|SenLock_SRS_TCC5| 0 (|SenLock_SRS_TCC5-1| NIL 3403443527 3403454176 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> 
boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL)) 25 25 NIL NIL)) (|SenLock_SRS_TCC6| 0 (|SenLock_SRS_TCC6-1| NIL 3403443527 3403454177 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) 
(|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 76 75 NIL NIL)) (|SenLock_SRS_TCC7| 0 (|SenLock_SRS_TCC7-1| NIL 3403443527 3403454178 ("" (TERMINATION-TCC) NIL NIL) 
PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| 
NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 44 43 NIL NIL)) (|ElockUpdate_TCC1| 0 (|ElockUpdate_TCC1-1| NIL 3399844196 3403454178 ("" (COND-DISJOINT-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 55 54 NIL NIL)) (|ElockUpdate_TCC2| 0 (|ElockUpdate_TCC2-1| NIL 3399844196 3403454179 ("" (COND-COVERAGE-TCC) NIL NIL) PROVED ((|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL 
"posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 46 45 NIL NIL)) (ELOCK_TCC1 0 (ELOCK_TCC1-1 NIL 3399844196 3403454179 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| 
NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 47 46 T NIL)) (ELOCK_TCC2 0 (ELOCK_TCC2-1 NIL 3399844196 3403454180 ("" (TERMINATION-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real 
-> boolean]" |rationals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 79 78 NIL NIL)) (ELOCK_TCC3 0 (ELOCK_TCC3-1 NIL 3399844196 3403454225 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 2 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR 
FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 2114 36 T NIL)) (ELOCK_TCC4 0 (ELOCK_TCC4-1 NIL 3399844196 3403454181 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 2 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) 
(|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT 
"nnreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 47 46 T NIL)) (ELOCK_TCC5 0 (ELOCK_TCC5-1 NIL 3399844196 3403454181 ("" (SUBTYPE-TCC) NIL NIL) PROVED NIL 4 3 NIL NIL)) (ELOCK_TCC6 0 (ELOCK_TCC6-1 NIL 3399844196 3403454496 ("" (TYPEPRED "Sample") (("" (SKOSIMP) (("" (INST -1 "n!1-1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) PROVED ((|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |SensorLock| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| 
NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 1272 71 T NIL)) (ELOCK_TCC7 0 (ELOCK_TCC7-1 NIL 3399844196 3403454281 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1-1") (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (INST 2 "n!2") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) 
(|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT 
"nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |SensorLock| NIL)) 2121 56 T NIL)) (ELOCK_TCC8 0 (ELOCK_TCC8-1 NIL 3399844196 3403454445 ("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (SPLIT) (("1" (INST -1 "n!1-1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (ASSERT) (("2" (INST-CP -2 "n!1") (("2" (INST -2 "n!1-1") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (TYPEPRED "t!1") (("2" (TYPEPRED "t!2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST 1 "n!2-n!3") (("1" (GRIND) NIL NIL) ("2" (CASE "n!2 * delta_t>=n!3 * delta_t") (("1" (BOTH-SIDES "/" "delta_t" -1) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" 
|SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|both_sides_times_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_div_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|odd_plus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" 
|real_types| NIL) (|n!2| SKOLEM-CONST-DECL "nat" |SensorLock| NIL) (|n!3| SKOLEM-CONST-DECL "nat" |SensorLock| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |SensorLock| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL)) 12796 352 T NIL)) (ELOCK_TCC9 0 (ELOCK_TCC9-1 NIL 3399844196 3403454295 ("" (SKOSIMP) (("" (INST 3 "0") (("" (GRIND) NIL NIL)) NIL)) NIL) PROVED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 744 20 T NIL)) (|lLockDly_Timer| 0 (|lLockDly_Timer-2| NIL 3399844213 3403454165 ("" (INDUCT "n") (("1" (SKOSIMP) (("1" (GRIND) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (EXPAND "ELOCK") (("2" (EXPAND "Timer") (("2" (LIFT-IF) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) 
NIL)) NIL) UNFINISHED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (PRED TYPE-EQ-DECL NIL |defined_types| NIL) (|Lock_State| TYPE-DECL NIL |SensorLock| NIL) (|clock| TYPE-EQ-DECL NIL |Clocks| NIL) (|SDD_State| TYPE-EQ-DECL NIL |SensorLock| NIL) (ELOCK DEF-DECL "SDD_State" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|Condition_Type| TYPE-EQ-DECL NIL 
|Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|even_plus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|ElockUpdate| CONST-DECL "Lock_State" |SensorLock| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 148 1 T NIL) (|lLockDly_Timer-1| NIL 3399844196 NIL ("" (INDUCT "t" 1 "clock_induction") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (EXPAND "Timer") (("1" (ASSERT) (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (CASE "ldelay!1=0 OR ldelay!1>0") (("1" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNTRIED NIL NIL NIL NIL NIL)) (|ELOCK_GENERAL_lemma3_TCC1| 0 (|ELOCK_GENERAL_lemma3_TCC1-1| NIL 3403449167 3403454184 ("" (SUBTYPE-TCC) NIL 
NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 4 4 NIL NIL)) (|ELOCK_GENERAL_lemma3_TCC2| 0 (|ELOCK_GENERAL_lemma3_TCC2-1| NIL 3403452093 3403454184 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 44 43 NIL NIL)) (|ELOCK_GENERAL_lemma3_TCC3| 0 (|ELOCK_GENERAL_lemma3_TCC3-1| NIL 3403452312 3403454185 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "Sample") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|int_minus_int_is_int| 
APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL 
|real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 94 93 T NIL)) (|ELOCK_GENERAL_lemma3| 0 (|ELOCK_GENERAL_lemma3-5| "" 3403452120 3403452124 ("" (SKOSIMP) (("" (SKOSIMP) (("" (LEMMA "Timer_General") (("" (INST?) 
(("1" (LEMMA "lLockDly_Timer") (("1" (INST -1 "ldelay!1-delta_L" "n!1-1" "reset!1" "sensor!1") (("1" (ASSERT) (("1" (REPLACE -1 * LR) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Timer_General| FORMULA-DECL NIL |TimerGeneral| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|lLockDly_Timer| FORMULA-DECL NIL |SensorLock| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (PRED TYPE-EQ-DECL NIL |defined_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) NIL (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) 
(|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL)) 308 204 NIL NIL) (|ELOCK_GENERAL_lemma3-4| "" 3403450772 3403452110 ("" (SKOSIMP) (("" (SKOSIMP) (("" (LEMMA "Timer_General") (("" (INST?) 
(("1" (LEMMA "lLockDly_Timer2") (("1" (INST -1 "ldelay!1-delta_L" "n!1-1" "reset!1" "sensor!1") (("1" (ASSERT) (("1" (REPLACE -1 * LR) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Timer_General| FORMULA-DECL NIL |TimerGeneral| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) NIL (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (PRED TYPE-EQ-DECL NIL |defined_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) NIL (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) 
(|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL)) 1454 433 T NIL) (|no| "" 3403450685 3403450764 ("" (SKOSIMP) (("" (SKOSIMP) (("" (LEMMA "Timer_General") (("" (INST?) 
(("1" (LEMMA "lLockDly_Timer2") (("1" (INST -1 "ldelay!1-delta_L" "n!1-1" "reset!1" "sensor!1") (("1" (ASSERT) (("1" (REPLACE -1 * LR) (("1" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 115 12 T SHOSTAK) (|ELOCK_GENERAL_lemma3-3| NIL 3403450671 NIL (";;; Proof ELOCK_GENERAL_lemma3-2 for formula SensorLock.ELOCK_GENERAL_lemma3" (SKOSIMP) ((";;; Proof ELOCK_GENERAL_lemma3-2 for formula SensorLock.ELOCK_GENERAL_lemma3" (SKOSIMP) ((";;; Proof ELOCK_GENERAL_lemma3-2 for formula SensorLock.ELOCK_GENERAL_lemma3" (LEMMA "Timer_General") ((";;; Proof ELOCK_GENERAL_lemma3-2 for formula SensorLock.ELOCK_GENERAL_lemma3" (INST?) (("1" (LEMMA "lLockDly_Timer2") (("1" (INST -1 "ldelay!1-delta_L" "n!1-1" "reset!1" "sensor!1") (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL))))) ("2" (POSTPONE) NIL)))))))) ";;; developed with SHOSTAK decision procedures") UNCHECKED NIL NIL NIL NIL NIL) (|ELOCK_GENERAL_lemma3-2| NIL 3403450605 3403450664 ("" (SKOSIMP) (("" (SKOSIMP) (("" (LEMMA "Timer_General") (("" (INST?) (("1" (LEMMA "lLockDly_Timer2") (("1" (INST -1 "ldelay!1-delta_L" "n!1" "reset!1" "sensor!1") (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 1362 48 T NIL) (|ELOCK_GENERAL_lemma3-1| NIL 3403450214 3403450593 ("" (SKOSIMP) (("" (SKOSIMP) (("" (LEMMA "TimerGeneral") (("" (INST?) 
(("1" (LEMMA "lLockDly_Timer") (("1" (INST -1 "ldelay!1-delta_L" "n!1" "reset!1" "sensor!1") (("1" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL)) NIL) ("2" (TYPEPRED "ldelay!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 67 1 T NIL)) (|SensorLock_Block_TCC1| 0 (|SensorLock_Block_TCC1-1| NIL 3403446537 3403454186 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 57 55 NIL NIL)) (|SensorLock_Block| 0 (|SensorLock_Block-2| NIL 3403449181 3403449885 ("" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST?) (("2" (ASSERT) (("2" (LEMMA "ELOCK_GENERAL_lemma3") (("2" (INST?) 
(("2" (ASSERT) (("2" (INST -1 "j!1+1") (("2" (EXPAND "SenLock_SRS" 1) (("2" (EXPAND "ELOCK" 1) (("2" (EXPAND "ElockUpdate") (("2" (ASSERT) (("2" (CASE "Held_For_I(sensor!1, ldelay!1, Sample)(1 + j!1)") (("1" (ASSERT) (("1" (CASE "sensor!1(Sample(1 + j!1))") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (EXPAND "Held_For_I") (("2" (SKOSIMP) (("2" (INST -1 "j!1+1") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "n0!1") (("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample" "n0!1" "1+j!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (TYPEPRED "Sample") (("3" (INST -2 "1+j!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!1") (("3" (SKOSIMP) (("3" (INST 1 "n!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "reset!1(Sample(1 + j!1))") (("1" (ASSERT) (("1" (CASE "sensor!1(Sample(1 + j!1))") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "sensor!1(Sample(1 + j!1))") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (LIFT-IF) (("2" (ASSERT) (("2" (BDDSIMP) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (TYPEPRED "Sample") (("3" (INST -2 "1+j!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!1") (("3" (SKOSIMP) (("3" (INST 1 "n!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL) UNCHECKED ((|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL AND tk < (TR + TL) / 2}" 
|SensorLock| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (PRED TYPE-EQ-DECL NIL |defined_types| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|SenLock_SRS| DEF-DECL "bool" |SensorLock| NIL) (|Lock_State| TYPE-DECL NIL |SensorLock| NIL) (|lock?| ADT-RECOGNIZER-DECL "[Lock_State -> boolean]" |SensorLock| NIL) (|clock| TYPE-EQ-DECL NIL |Clocks| NIL) (|SDD_State| TYPE-EQ-DECL NIL |SensorLock| NIL) (ELOCK DEF-DECL "SDD_State" |SensorLock| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |SensorLock| NIL) (< CONST-DECL "bool" |reals| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |SensorLock| NIL) (|delta_L| FORMAL-CONST-DECL "time" |SensorLock| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |SensorLock| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|real_minus_real_is_real| 
APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Sample_Compare1| FORMULA-DECL NIL |Held_For_TD| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) NIL NIL NIL (|Sample| CONST-DECL "Sample_Type" |SensorLock| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (|ElockUpdate| CONST-DECL "Lock_State" |SensorLock| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|ELOCK_GENERAL_lemma3| FORMULA-DECL NIL |SensorLock| NIL)) 25208 514 T NIL) (|SensorLock_Block-1| NIL 3403446094 3403449175 ("" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST?) (("2" (ASSERT) (("2" (LEMMA "ELOCK_GENERAL_lemma2") (("2" (INST?) 
(("2" (ASSERT) (("2" (EXPAND "SenLock_SRS" 1) (("2" (EXPAND "ELOCK" 1) (("2" (EXPAND "ElockUpdate" 1) (("2" (ASSERT) (("2" (CASE "Held_For_I(sensor!1, ldelay!1, Sample)(1 + j!1)") (("1" (CASE "sensor!1(Sample(1 + j!1))") (("1" (ASSERT) (("1" (LIFT-IF) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (INST -3 "1+j!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST -3 "1+j!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL) UNFINISHED NIL 59 1 T SHOSTAK)))
$$$Clocks.pvs
% Clocks: a time base parameterised by a positive real K.
% NOTE(review): the Clocks.prf section that follows in this dump still records
% proofs named pre_TCC1, next_TCC1, rank_TCC1, clock_induct and clock_induction
% under |Clocks|, none of which is declared in this theory text. They look like
% leftovers from an earlier revision, so the status fields of those entries
% cannot be read as evidence about the text below -- confirm by re-running the
% proofs.
Clocks[ K: posreal ]: THEORY
BEGIN
  % Nonnegative reals; CONTAINING 0 supplies 0 as the nonemptiness witness.
  non_neg: TYPE = { x: real | x>=0 } CONTAINING 0
  % Time is any nonnegative real.
  time: TYPE = non_neg
  t: VAR time
  n: VAR nat
  % Clock instants: the times that are a natural-number multiple of K.
  clock: TYPE = { t: time | EXISTS(n: nat): t=n*K} CONTAINING 0
END Clocks

% Clocks_T: discrete ticks spaced delta_t apart, with predecessor, successor,
% rank and an induction principle over ticks.
% NOTE(review): the Clocks_T entries in Clocks.prf cite a declaration named
% `time` and a formula time_TCC1, while this text declares `tick`. The recorded
% PROVED status therefore looks older than this text -- re-run the proofs
% before relying on it.
Clocks_T[ delta_t: posreal ]: THEORY
BEGIN
  non_neg: TYPE = { x: real | x>=0 } CONTAINING 0
  %tick: TYPE = non_neg
  %t: VAR tick
  n: VAR nat
  % A tick is a nonnegative real of the form n*delta_t for some natural n.
  tick: TYPE = { t: non_neg | EXISTS(n: nat): t=n*delta_t} CONTAINING 0
  x: VAR tick
  % init holds exactly at tick 0.
  init(x): bool = (x=0)
  % Every tick except the initial one.
  noninit_elem: TYPE ={ x | NOT init(x) }
  y: VAR noninit_elem
  % Previous tick. The domain excludes 0; that y - delta_t is again a tick is
  % left to a type-correctness condition (pre_TCC1 in the .prf).
  pre(y): tick = y - delta_t
  % Following tick (type-correctness condition next_TCC1).
  next(x): tick = x + delta_t
  % Index of a tick: x divided by the tick spacing, declared to be a natural
  % number (type-correctness condition rank_TCC1).
  rank(x): nat = x/delta_t
  % Helper for the induction below: a property that holds for every tick of
  % every rank holds for all ticks.
  time_induct : LEMMA FORALL (P : pred[tick]) :
    (FORALL x, n : rank(x) = n IMPLIES P(x)) IMPLIES (FORALL x : P(x))
  % Induction over ticks: P at the initial tick, plus P(pre(t)) IMPLIES P(t)
  % for every non-initial tick, gives P for every tick.
  time_induction: PROPOSITION FORALL (P: pred[tick]):
    (FORALL (t: tick): init(t) IMPLIES P(t)) AND
    (FORALL (t: noninit_elem): P(pre(t)) IMPLIES P(t))
    IMPLIES (FORALL (t: tick): P(t))
END Clocks_T
$$$Clocks.prf
(|Clocks| (|clock_TCC1| 0 (|clock_TCC1-1| NIL 3315261288 NIL ("" (SUBTYPE-TCC) NIL NIL) PROVED-COMPLETE NIL NIL NIL NIL NIL)) (|pre_TCC1| 0 (|pre_TCC1-1| NIL 3315261288 NIL ("" (SKOLEM-TYPEPRED) (("" (SKOLEM-TYPEPRED) (("" (SPLIT) (("1" (GRIND) (("1" (DELETE -3) (("1" (CASE "n!1>0") (("1" (ASSERT) (("1" (LEMMA "both_sides_times_pos_ge1") (("1" (INST -1 "K" "n!1-1" "0") (("1" (SIMPLIFY) (("1" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) 
NIL NIL)) NIL)) NIL)) NIL) ("2" (INST 1 "n!1-1") (("1" (ASSERT) NIL NIL) ("2" (EXPAND "init") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED-COMPLETE NIL NIL NIL NIL NIL)) (|next_TCC1| 0 (|next_TCC1-1| NIL 3315261288 NIL ("" (SKOLEM-TYPEPRED) (("" (SPLIT) (("1" (SKOLEM-TYPEPRED) (("1" (INST 1 "n!1+1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOLEM-TYPEPRED) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) PROVED-COMPLETE NIL NIL NIL NIL NIL)) (|rank_TCC1| 0 (|rank_TCC1-1| NIL 3315261288 NIL ("" (SKOLEM-TYPEPRED) (("" (SKOLEM-TYPEPRED) (("" (REPLACE -3 *) (("" (LEMMA "times_div2") (("" (INST - "K" "n!1" "K") (("" (REPLACE - + RL) (("" (LEMMA "div_cancel2") (("" (INST?) (("" (REPLACE - +) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED-COMPLETE NIL NIL NIL NIL NIL)) (|clock_induct| 0 (|clock_induct-1| NIL 3315261288 3394093286 ("" (SKOSIMP) (("" (SKOLEM!) (("" (INST -1 "x!1" "rank(x!1)") NIL NIL)) NIL)) NIL) PROVED ((|rank| CONST-DECL "nat" |Clocks| NIL) (|clock| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Clocks| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL 
|number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 3 3 T NIL)) (|clock_induction| 0 (|clock_induction-1| NIL 3315261288 3394093287 ("" (SKOSIMP) (("" (LEMMA "clock_induct" ("P" "P!1")) (("" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (DELETE 2) (("2" (INDUCT "n") (("1" (SKOSIMP) (("1" (INST -2 "x!1") (("1" (GRIND) (("1" (LEMMA "div_eq_zero" ("x" "x!1" "n0z" "K")) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP*) (("2" (ASSERT) (("2" (GROUND) (("2" (INST -1 "pre(x!1)") (("1" (INST -4 "x!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|clock_induct| FORMULA-DECL NIL |Clocks| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Clocks| NIL) (|clock| TYPE-EQ-DECL NIL 
|Clocks| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|x!1| SKOLEM-CONST-DECL "clock" |Clocks| NIL) (|pre| CONST-DECL "clock" |Clocks| NIL) (|noninit_elem| TYPE-EQ-DECL NIL |Clocks| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|init| CONST-DECL "bool" |Clocks| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|rank| CONST-DECL "nat" |Clocks| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL)) 109 107 NIL NIL))) (|Clocks_T| (|time_TCC1| 0 (|time_TCC1-1| NIL 3394092922 3394093194 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 47 46 NIL NIL)) (|pre_TCC1| 0 (|pre_TCC1-1| NIL 3394092922 3394093471 ("" (SKOSIMP) (("" (ASSERT) (("" (SPLIT) (("1" (GRIND) (("1" (TYPEPRED "y!1") (("1" (GRIND) (("1" (CASE "n!1 * 
delta_t = 0 OR n!1 * delta_t > 0") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (HIDE -3) (("2" (BOTH-SIDES "/" "delta_t" -1) (("2" (BOTH-SIDES "/" "delta_t" 2) (("2" (ASSERT) (("2" (GRIND) (("2" (HIDE -2 -3 1) (("2" (CASE "(n!1 * delta_t - delta_t) / delta_t= n!1-1") (("1" (REPLACE -1 * LR) (("1" (HIDE -1) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "y!1") (("2" (SKOSIMP) (("2" (INST 2 "n!1-1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |Clocks_T| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|both_sides_div_pos_gt1| FORMULA-DECL NIL |real_props| NIL) (|pos_times_ge| FORMULA-DECL NIL |real_props| NIL) (|neg_times_ge| FORMULA-DECL NIL |real_props| NIL) (|neg_times_gt| FORMULA-DECL NIL |real_props| NIL) (|pos_times_gt| FORMULA-DECL NIL |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT 
"real" |reals| NIL) (|both_sides_div_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|noninit_elem| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "posreal" |Clocks_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 16722 341 T NIL)) (|next_TCC1| 0 (|next_TCC1-1| NIL 3394092922 3394093493 ("" (SKOSIMP) (("" (TYPEPRED "x!1") (("" (SKOSIMP) (("" (INST 1 "n!1+1") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL 
|number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|delta_t| FORMAL-CONST-DECL "posreal" |Clocks_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks_T| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL)) 1992 44 T NIL)) (|rank_TCC1| 0 (|rank_TCC1-1| NIL 3394092922 3394093565 ("" (SKOSIMP) (("" (SPLIT) (("1" (TYPEPRED "x!1") (("1" (SKOSIMP) (("1" (GRIND) (("1" (GRIND) (("1" (CASE "n!1 * delta_t / delta_t=n!1") (("1" (REPLACE -1 * LR) (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "x!1") (("2" (SKOSIMP) (("2" (ASSERT) (("2" (GRIND) (("2" (CASE "n!1 * delta_t / delta_t=n!1") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL)) NIL) PROVED ((/ 
CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|time| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "posreal" |Clocks_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 7013 125 T NIL)) (|time_induct| 0 (|time_induct-2| NIL 3394093604 3394093606 ("" (SKOSIMP) (("" (SKOLEM!) 
(("" (INST -1 "x!1" "rank(x!1)") NIL NIL)) NIL)) NIL) PROVED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|delta_t| FORMAL-CONST-DECL "posreal" |Clocks_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rank| CONST-DECL "nat" |Clocks_T| NIL)) 114 3 T NIL) (|time_induct-1| NIL 3394093595 3394093597 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 170 0 T SHOSTAK)) (|time_induction| 0 (|time_induction-2| NIL 3394093638 3394093640 ("" (SKOSIMP) (("" (LEMMA "time_induct" ("P" "P!1")) (("" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (DELETE 2) (("2" (INDUCT "n") (("1" (SKOSIMP) (("1" (INST -2 "x!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP*) (("2" (ASSERT) (("2" (GROUND) (("2" (INST -1 "pre(x!1)") (("1" (INST -4 "x!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|rank| CONST-DECL "nat" 
|Clocks_T| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|noninit_elem| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|pre| CONST-DECL "time" |Clocks_T| NIL) (|x!1| SKOLEM-CONST-DECL "time" |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|time| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "posreal" |Clocks_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) 
(|time_induct| FORMULA-DECL NIL |Clocks_T| NIL)) 162 63 NIL NIL) (|time_induction-1| NIL 3394093620 3394093631 ("" (SKOSIMP) (("" (LEMMA "clock_induct" ("P" "P!1")) (("" (SPLIT) (("1" (PROPAX) NIL) ("2" (DELETE 2) (("2" (INDUCT "n") (("1" (SKOSIMP) (("1" (INST -2 "x!1") (("1" (GRIND) (("1" (LEMMA "div_eq_zero" ("x" "x!1" "n0z" "K")) (("1" (GRIND) NIL))))))))) ("2" (SKOSIMP*) (("2" (ASSERT) (("2" (GROUND) (("2" (INST -1 "pre(x!1)") (("1" (INST -4 "x!1") (("1" (GRIND) NIL) ("2" (GRIND) NIL))) ("2" (GRIND) NIL)))))))))))))))))) NIL) UNFINISHED NIL 999 3 T NIL)))
$$$TClocks.pvs
% TClocks: the type Tclock of sample-instant sequences c with c(0) <= Tmax and
% each step c(n+1) - c(n) between Tmin and Tmax, plus ordering lemmas about
% such sequences.
% NOTE(review): the theory header below is incomplete in this copy -- the text
% between `t` and `nonneg_real]` appears to be missing. TClocks.prf lists Tmin
% and Tmax as posreal constants and Tclock as a nonempty type of this theory,
% so their declarations presumably sat in the gap. Restore it from the original
% TClocks.pvs before type-checking or trusting the recorded proof status.
TClocks[ K: posreal,(IMPORTING Clocks[K]) TL,TR:{t:time|tnonneg_real]|FORALL n: c(0)<=Tmax AND Tmin<=c(n+1)-c(n) AND c(n+1)-c(n)<=Tmax}
  Tc: VAR Tclock
  % Lemmas used later in the proofs in Held_For_Tolerance.
  % A Tclock is strictly increasing in its index.
  Tclock_Truth1: LEMMA n2>n1 IMPLIES Tc(n2)>Tc(n1)
  % Non-strict version; its recorded proof goes through Tclock_Truth1.
  Tclock_Truth2: LEMMA n2>=n1 IMPLIES Tc(n2)>=Tc(n1)
  % Converse of Tclock_Truth1: a strictly later instant has a larger index.
  Tclock_Truth3: LEMMA Tc(n2)>Tc(n1) IMPLIES n2>n1
  % Index order and instant order coincide.
  T_clock_gt: THEOREM n2>n1 IFF Tc(n2)>Tc(n1)
END TClocks
$$$TClocks.prf
(|TClocks| (|Tmin_TCC1| 0 (|Tmin_TCC1-1| NIL 3320344705 3380447807 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 68 26 NIL SHOSTAK)) (|Tclock_TCC1| 0 (|Tclock_TCC1-1| NIL 3374842805 3380447809 ("" (INST 1 "Lambda (n:nat):Tmax*(n+1)") (("" (GRIND) NIL NIL)) NIL) PROVED ((NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| 
APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 192 132 T NIL)) (|Tclock_Truth1| 0 (|Tclock_Truth1-1| NIL 3320408750 3380447872 ("" (CASE "FORALL(Tc:Tclock,n1:nat): FORALL(n2:nat):n2 > n1 IMPLIES Tc(n2) > Tc(n1)") (("1" (SKOSIMP) (("1" (INST -1 "Tc!1" "n1!1") (("1" (INST -1 "n2!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "n2") (("1" (ASSERT) NIL NIL) ("2" (SKOSIMP) (("2" (ASSERT) (("2" (SPLIT) (("1" (TYPEPRED "Tc!1") (("1" (INST -1 "j!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "j!1") (("2" (TYPEPRED "n1!1") (("2" (TYPEPRED 
"n1!1") (("2" (CASE "j!1>n1!1 OR j!1<=n1!1") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (CASE "j!1=n1!1") (("1" (GRIND) (("1" (TYPEPRED "Tc!1") (("1" (INST -1 "n1!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= 
CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 554 417 T SHOSTAK)) (|Tclock_Truth2| 0 (|Tclock_Truth2-1| NIL 3320409458 3380447873 ("" (LEMMA "Tclock_Truth1") (("" (SKOSIMP) (("" (CASE "n2!1>n1!1 OR n2!1=n1!1") (("1" (INST -2 "Tc!1" "n1!1" "n2!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) PROVED ((|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) 
(|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (> CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|Tclock_Truth1| FORMULA-DECL NIL |TClocks| NIL)) 49 30 T SHOSTAK)) (|Tclock_Truth3| 0 (|Tclock_Truth3-2| "Start of new proof" 3375082282 3380447874 ("" (SKOLEM 1 ("Tc!1" "n!1" _)) (("" (TYPEPRED "Tc!1" "n!1") (("" (INDUCT "n2") (("1" (FLATTEN) (("1" (EXPAND ">=" -3) (("1" (EXPAND "<=" -3) (("1" (SPLIT) (("1" (LEMMA "Tclock_Truth1") (("1" (INST -1 "Tc!1" "0" "n!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOLEM!) 
(("2" (FLATTEN) (("2" (SPLIT) (("1" (ASSERT) NIL NIL) ("2" (CASE "j!1+1=n!1") (("1" (ASSERT) NIL NIL) ("2" (CASE "j!1+1 bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (< CONST-DECL "bool" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|Tclock_Truth1| FORMULA-DECL NIL |TClocks| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (IMPLIES CONST-DECL "[bool, bool -> 
bool]" |booleans| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL)) 175 120 T SHOSTAK) (|Tclock_Truth3-1| NIL 3320409559 3375080556 ("" (CASE "FORALL(n1:nat,Tc:Tclock): (FORALL(n2:nat): Tc(n2) > Tc(n1) IMPLIES n2 >= n1)") (("1" (SKOSIMP) (("1" (INST -1 "n1!1" "Tc!1") (("1" (INST -1 "n2!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "n2") (("1" (GRIND) (("1" (CASE "n1!1=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (TYPEPRED "Tc!1") (("2" (INST -1 "0") (("2" (TYPEPRED "n1!1") (("2" (CASE "n1!1>0 OR n1!1=0") (("1" (SPLIT) (("1" (LEMMA "Tclock_Truth1") (("1" (INST -1 "0" "n1!1" "Tc!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (PROPAX) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SPLIT) (("1" (CASE "j!1 > n1!1 OR j!1 = n1!1") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (CASE "Tc!1(j!1) > Tc!1(n1!1) OR Tc!1(j!1) <= Tc!1(n1!1)") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (CASE "j!1 >= n1!1") (("1" (GRIND) NIL NIL) ("2" (CASE "j!1= n1!1") (("1" (SPLIT) (("1" (LEMMA "Tclock_Truth1") (("1" (INST -1 "j!1" "n1!1" "Tc!1") (("1" (ASSERT) (("1" (CASE "j!1+1=n1!1") (("1" (SPLIT) (("1" (GRIND) (("1" (LEMMA "Tclock_Truth1") (("1" (INST -1 "j!1+1" "n1!1" "Tc!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (PROPAX) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED ((|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Tclock_Truth1| FORMULA-DECL NIL |TClocks| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (< CONST-DECL "bool" |reals| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL 
|booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) NIL (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL)) 1014 683 T SHOSTAK)) (|T_clock_gt| 0 (|T_clock_gt-1| NIL 3375084973 3380447875 ("" (LEMMA "Tclock_Truth1") (("" (LEMMA "Tclock_Truth3") (("" (SKOLEM!) (("" (INST?) (("" (INST?) 
(("" (SPLIT +) (("1" (PROPAX) NIL NIL) ("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|Tclock_Truth3| FORMULA-DECL NIL |TClocks| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tclock_Truth1| FORMULA-DECL NIL |TClocks| NIL)) 44 18 T SHOSTAK)) (|sampleExists| 0 (|sampleExists-1| NIL 3380447883 3380448354 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (POSTPONE) NIL NIL)) NIL)) NIL) UNFINISHED NIL 47181 8 T SHOSTAK)))
$$$Held_For_T.pvs
% From here on is the Held_For_Tolerance theory for our paper. FM2005
%
% Reading guide (review notes; they restate only what the declarations below say):
%  * Four predicates ask whether, for every time t in (Sample(n0), Sample(n0+1)],
%    some sample time Sample(n) satisfies d-delta_L <= Sample(n)-t <= d+delta_R.
%    They differ only in how early the sample index is fixed:
%      Feasible(d)            n may depend on Sample, n0 and t
%      NewFeasible(d)         n may depend on Sample and n0, but not on t
%      Feasible_Strongest(d)  one offset n for every Sample and n0 (index n+n0)
%      Feasible_Point(d)      the offset is fixed to Kmin(d)+2
%  * In the CASE 1 / CASE 2 results, NO_CLOCK_CASEn relates the stated condition to
%    Feasible_Strongest, PERFECT_CLOCK_CASEn to NewFeasible and IDEAL_CLOCK_CASEn
%    to Feasible.
%  * A LEMMA or THEOREM declaration is only a claim. Whether it has been discharged
%    is recorded per proof in the .prf part of this dump (status fields such as
%    PROVED, UNFINISHED, UNCHECKED), so re-run the proofs before relying on a result.
%  * NOTE(review): several declarations below look truncated - text between a '<'
%    and a later '>' seems to be missing (the theory parameter list, the first
%    Feasible, sampleExists, e, PERFECT_CLOCK_CASE2A_1 and the commented-out
%    FEASIBLE22_MAIN). They are kept exactly as found; restore them from the
%    original file before type-checking.

% NOTE(review): the parameter list, the BEGIN of the theory and the start of the
% Duration type appear to be lost on the next line - TODO confirm against the original.
Held_For_T [K:posreal, (IMPORTING Clocks[K]) TL,TR:{t:time|tdelta_L AND du>delta_R AND du-delta_L>K+TR}

d, duration:VAR Duration
nL,nR:VAR nat
n, n0:VAR nat
t, t1, t2, t_now, t_n, t_j, Ts, u: VAR time
t3: var posreal

% Sample1: a piecewise sample-time sequence: 0 at n=0, Tmax at n=1, then steps of t
% up to index ns, one step of tl to index ns+1, and steps of Tmax after that.
Sample1(tl:time)(t:time)(ns:nat|ns>0)(n:nat):time=TABLE
  |[n=0 |n=1 |n>1 AND n<=ns |n=ns+1 | n>ns+1 ]|
  | 0 |Tmax |(n-1)*t+Tmax |(ns-1)*t+Tmax+tl | (ns-1)*t+Tmax+tl+(n-ns-1)*Tmax ||
  ENDTABLE

% Sample2: Tmax at n=0, then multiples of t offset by ceiling(Tmax/t) up to index ns,
% and steps of Tmax after that.
Sample2(t:time|t>0)(ns:nat|ns>0)(n:nat):time=TABLE
  |[n=0 |n>0 AND n<=ns |n>ns ]|
  | Tmax |(ceiling(Tmax/t)+n)*t |(ceiling(Tmax/t)+ns)*t+(n-ns)*Tmax ||
  ENDTABLE

Sample: VAR Tclock

% Feasible: the predicate used to check whether a case is feasible.
% NOTE(review): this two-argument form looks truncated (the upper bound on t and the
% EXISTS binder are not visible) and P is not declared in the visible text - TODO confirm.
Feasible(P,duration):bool=FORALL(Sample:Tclock):(FORALL(n0:nat, t|t>=Sample(n0) AND t=duration-delta_L AND Sample(n)-t<=duration+delta_R)

% Feasible(d): for each Sample, n0 and t in (Sample(n0), Sample(n0+1)] there is an n,
% chosen after t, with Sample(n)-t inside [d-delta_L, d+delta_R].
Feasible(d):bool=FORALL(Sample:Tclock):(FORALL(n0:nat, t|t>Sample(n0) AND t<=Sample(n0+1)):
    EXISTS(n:nat): Sample(n)-t>=d-delta_L AND Sample(n)-t<=d+delta_R)

% NewFeasible(d): same bound, but n is chosen before t, so one n must serve every t
% in the interval (Sample(n0), Sample(n0+1)].
NewFeasible(d):bool=FORALL Sample: FORALL n0: EXISTS n:
    FORALL (t|t>Sample(n0) AND t<=Sample(n0+1)): Sample(n)-t>=d-delta_L AND Sample(n)-t<=d+delta_R

% Feasible_Strongest(d): n is chosen first of all, so the same offset n (used as index
% n+n0) must serve every Sample, every n0 and every t in the interval.
Feasible_Strongest(d):bool=EXISTS(n:nat):FORALL(Sample:Tclock):FORALL(n0:nat):
    FORALL(t|t>Sample(n0) AND t<=Sample(n0+1)): Sample(n+n0)-t>=d-delta_L AND Sample(n+n0)-t<=d+delta_R

%------------------ SUPPORTIVE LEMMAS----------------------
% Bounds on how far the sample times advance over a number of steps.
Sample_Interval: LEMMA FORALL(n:nat, duration:time): Sample(n+floor(duration/Tmin)+1)>=Sample(n)+duration
Sample_Interval2: LEMMA FORALL(n:nat, k:nat): Sample(n+k)>=Sample(n)+k*(K-TL)
Sample_Interval3: LEMMA FORALL(n:nat, k:nat): Sample(n+k)<=Sample(n)+k*(K+TR)

% Existence of sample indices that bracket a given time t.
TClock_2: LEMMA FORALL(t:time|t>Tmax): EXISTS(n:nat,j:nat): Sample(n)<=t AND Sample(n+j)>t
TClock_4: LEMMA FORALL(t:time|t>=Sample(0)): EXISTS(n:nat,j:nat): Sample(n)<=t AND Sample(n+j)>t
TClock_1: LEMMA FORALL(t:time|t>Tmax): EXISTS(n:nat): Sample(n)<=t AND Sample(n+1)>t
TClock_3: LEMMA FORALL(t:time|t>=Sample(0)): EXISTS(n:nat): Sample(n)<=t AND Sample(n+1)>t

% NOTE(review): the next declaration looks like sampleExists fused with a later lemma
% whose name is lost; the visible tail states that a Tclock taking the Sample1 values exists.
% NOTE(review): the proof record named sampleExists that precedes this theory in the dump
% is a bare POSTPONE marked UNFINISHED; which theory that record belongs to is not visible
% here - confirm sampleExists is discharged before relying on it.
sampleExists: LEMMA t2-t1>Tmax => EXISTS n: t11):FORALL (t:time|t<=Tmax AND t>=Tmin): FORALL (tl:time|tl<=Tmax AND tl>=Tmin):EXISTS(Sample:Tclock): Sample(0)=0 AND Sample(1)=Tmax AND (FORALL(n:nat|n>1 AND n<=ns):Sample(n)=(n-1)*t+Tmax) AND Sample(ns+1)=(ns-1)*t+Tmax+tl AND (FORALL(n:nat|n>ns+1):(Sample(n)=(ns-1)*t+Tmax+tl+(n-ns-1)*Tmax))

FEASIBLE1: LEMMA Tmax<=(delta_L+delta_R)/2 IMPLIES Feasible(P,duration)

% Arithmetic helper facts about floor, ceiling and division.
FLOOR_REAL1: LEMMA FORALL (a,b:time): a>b IMPLIES floor(a)>=floor(b)
FLOOR_REAL2: LEMMA FORALL (a,b:time): floor(a)>floor(b) IMPLIES floor(a)>=b
FLOOR_REAL3: LEMMA FORALL (a,c:posreal, b:time): a>=b/c IMPLIES b/a<=c
FLOOR_REAL4: LEMMA FORALL (a,c:posreal, b:time): a<=b/c IMPLIES b/a>=c
FLOOR_TRUTH: LEMMA floor((duration-delta_L)/Tmax)>=0
FLOOR_TRUTH1: LEMMA floor((duration-delta_L)/Tmin)>=0
FLOOR_COMMON: LEMMA FORALL (t:time|t<=Tmax AND t>=Tmin): floor((duration-delta_L)/t)>0 AND floor((duration+delta_R)/t)>0
CEILING_COMMON: LEMMA FORALL (t:time|t<=Tmax AND t>=Tmin): ceiling((duration-delta_L)/t)>0 AND ceiling((duration+delta_R)/t)>0

FEASIBLE2: LEMMA floor((duration-delta_L)/Tmax)=floor((duration-delta_L)/Tmin) AND
    (floor((duration-delta_L)/Tmax)+2)*Tmax<=duration+delta_R IMPLIES Feasible(P,duration)

% Kmin(d) and Kmax(d): the whole number of Tmax-length and of Tmin-length steps
% that fit in d-delta_L.
Kmin(d):nat = floor((d-delta_L)/Tmax)
Kmax(d):nat = floor((d-delta_L)/Tmin)

TminAndKmax: LEMMA (Kmax(d)=Kmin(d) OR (Kmax(d)=Kmin(d)+1 & Kmax(d)*Tmin=d-delta_L)) IFF
    Tmin >= (d-delta_L)/(Kmin(d)+1)

%------------------ SUPPORTIVE THEOREMS----------------------
FEASIBLE21_NEW: LEMMA (delta_L+delta_R)/2 <= Tmax & Tmax <= delta_L+delta_R IMPLIES
    (floor((d-delta_L)/Tmax)=floor((d-delta_L)/Tmin) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES NewFeasible(d))

FEASIBLE21_NEW1: LEMMA (delta_L+delta_R)/2 <= Tmax & Tmax <= delta_L+delta_R IMPLIES
    (floor((d-delta_L)/Tmax)+1=floor((d-delta_L)/Tmin) AND floor((d-delta_L)/Tmin)*Tmin=d-delta_L AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES NewFeasible(d))

FEASIBLE21_NEW2:lemma (delta_L+delta_R)/2 <= Tmax & Tmax <= delta_L+delta_R IMPLIES
    Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES NewFeasible(d)

% NOTE(review): the next line looks truncated (the end of e's type and the head of a
% following lemma appear to be missing) - TODO confirm against the original.
e:VAR {x:time|Tmin<=x & x t+Tmax<=t1

NewFeasibleAnddMinusDeltaL:LEMMA NewFeasible(d) & (exists n: d-delta_L=n*Tmax) & Tmin/=Tmax => delta_L+delta_R >= 2*Tmax

FEASIBLE1_NEW: LEMMA Tmax<=(delta_L+delta_R)/2 IMPLIES NewFeasible(d)

FEASIBLE21_STRONGEST: LEMMA (delta_L+delta_R)/2 <= Tmax & Tmax <= delta_L+delta_R IMPLIES
    (floor((d-delta_L)/Tmax)=floor((d-delta_L)/Tmin) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES Feasible_Strongest(d))

FLOOR_TRUTH2: LEMMA (FORALL (t:time|t<=Tmax AND t>=Tmin):floor((d-delta_L)/t)<(d-delta_L)/t) IMPLIES
    floor((d-delta_L)/Tmin)=floor((d-delta_L)/Tmax)

GT_LEQ_PROP: LEMMA (FORALL (x:{y:real|y>0}):t-x<=t1) IMPLIES t<=t1
GT_LEQ_PROP1: LEMMA (FORALL (x:{y:real|y>0 AND y<=t3}):t-x<=t1) IMPLIES t<=t1

% Commented-out lemma, kept as found (its text also looks truncated):
% FEASIBLE22_MAIN:LEMMA
%(delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R IMPLIES
%(NewFeasible(d) AND floor((d-delta_L)/Tmin)*Tmin/=d-delta_L IMPLIES FORALL (t:time|t<=Tmax AND t>=Tmin):floor((d-delta_L)/t)*t= (d-delta_L)/(Kmin(d)+1)
%AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R)

%------------------ MAIN THEOREMS----------------------
FeasibleAnddMinusDeltaL:LEMMA Feasible(d) & (exists n: d-delta_L=n*Tmax) & Tmin/=Tmax => delta_L+delta_R >= 2*Tmax

% NOTE(review): the conclusion of the next lemma looks truncated and may be two
% declarations fused together - TODO confirm against the original.
PERFECT_CLOCK_CASE2A_1:LEMMA (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R IMPLIES (NewFeasible(d) AND floor((d-delta_L)/Tmin)*Tmin/=d-delta_L IMPLIES FORALL (t:time|t<=Tmax AND t>=Tmin):floor((d-delta_L)/t)*t= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R)

NO_CLOCK_CASE2B: THEOREM (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R AND Tmin/=Tmax IMPLIES
    (Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES Feasible_Strongest(d))

PERFECT_CLOCK_CASE1B: LEMMA Tmax<=(delta_L+delta_R)/2 IMPLIES NewFeasible(d)

%%-----------------------------------------------------
% The three predicates are ordered: Feasible_Strongest implies NewFeasible implies Feasible.
NO_CLOCK_IMPLIES_PERFECT_CLOCK: LEMMA Feasible_Strongest(d) IMPLIES NewFeasible(d)
PERFECT_CLOCK_IMPLIES_IDEAL: LEMMA NewFeasible(d) IMPLIES Feasible(d)

%%-------------------CASE 1 ----------------------------
% Case 1 hypothesis: Tmax <= (delta_L+delta_R)/2.
NO_CLOCK_CASE1: LEMMA Tmax<=(delta_L+delta_R)/2 AND Tmin/=Tmax IMPLIES
    ((ceiling((d-delta_L)/Tmin)+1)*Tmax<=d+delta_R IFF Feasible_Strongest(d))
PERFECT_CLOCK_CASE1: LEMMA Tmax<=(delta_L+delta_R)/2 IMPLIES NewFeasible(d)
IDEAL_CLOCK_CASE1: LEMMA Tmax<=(delta_L+delta_R)/2 IMPLIES Feasible(d)

%%-------------------CASE 2 ----------------------------
% Case 2 hypothesis: (delta_L+delta_R)/2 < Tmax <= delta_L+delta_R and Tmin/=Tmax.
% All three theorems use the same condition on Tmin and Tmax and state it as an IFF.
NO_CLOCK_CASE2: THEOREM (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R AND Tmin/=Tmax IMPLIES
    (Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IFF Feasible_Strongest(d))
PERFECT_CLOCK_CASE2: THEOREM (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R AND Tmin/=Tmax IMPLIES
    (Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IFF NewFeasible(d))
IDEAL_CLOCK_CASE2: THEOREM (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R AND Tmin/=Tmax IMPLIES
    (Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IFF Feasible(d))

%%------------------------------------------------------
% Feasible_Point(d): like Feasible_Strongest(d), with the offset fixed to Kmin(d)+2.
Feasible_Point(d):bool=FORALL(Sample:Tclock):FORALL(n0:nat):
    FORALL(t|t>Sample(n0) AND t<=Sample(n0+1)): Sample(Kmin(d)+2+n0)-t>=d-delta_L AND Sample(Kmin(d)+2+n0)-t<=d+delta_R

FEASIBLE_POINT_STRONGEST: LEMMA (delta_L+delta_R)/2 <= Tmax & Tmax <= delta_L+delta_R IMPLIES
    (floor((d-delta_L)/Tmax)=floor((d-delta_L)/Tmin) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES Feasible_Point(d))

PERFECT_CLOCK_CASE2B: LEMMA (delta_L+delta_R)/2 < Tmax & Tmax <= delta_L+delta_R AND Tmin/=Tmax IMPLIES
    (Tmin >= (d-delta_L)/(Kmin(d)+1) AND (floor((d-delta_L)/Tmax)+2)*Tmax<=d+delta_R IMPLIES Feasible_Point(d))

END Held_For_T
$$$Held_For_T.prf
(|Held_For_T| (|Sample1_TCC1| 0 (|Sample1_TCC1-1| NIL 3383230369 3395265895 ("" (SKOSIMP) (("" (CASE "n!1-1>=0") (("1" (TYPEPRED "t!1") (("1" (TYPEPRED "Tmax") (("1" (CASE "(n!1-1)*t!1>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "pos_times_ge") (("2" (INST -1 "n!1-1" "t!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) 
NIL NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 50 47 T NIL)) (|Sample1_TCC2| 0 (|Sample1_TCC2-1| NIL 3383230369 3395265896 ("" (SKOSIMP) (("" (TYPEPRED "Tmax") (("" (TYPEPRED "tl!1") (("" (CASE "(ns!1 - 1) * t!1>=0") (("1" (ASSERT) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "pos_times_ge") (("2" (INST -1 "ns!1-1" "t!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 71 66 T NIL)) (|Sample1_TCC3| 0 (|Sample1_TCC3-1| NIL 3383230369 3395265897 ("" (SKOSIMP) (("" (CASE "(ns!1 - 1) * t!1>=0") (("1" (CASE "(n!1 - ns!1 - 1) * Tmax[K, TL, TR]>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "pos_times_ge") (("2" (INST -1 "n!1 - ns!1 - 1" "Tmax") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "pos_times_ge") (("2" (INST -1 "ns!1-1" "t!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 132 124 T NIL)) (|Sample1_TCC4| 0 (|Sample1_TCC4-1| NIL 3383230369 3395265897 ("" (COND-DISJOINT-TCC) NIL NIL) UNCHECKED NIL 61 57 NIL NIL)) (|Sample1_TCC5| 0 (|Sample1_TCC5-1| NIL 3383230369 3395265898 ("" (COND-COVERAGE-TCC) NIL NIL) UNCHECKED NIL 13 13 NIL NIL)) (|Sample2_TCC1| 0 (|Sample2_TCC1-1| NIL 3380809149 3395265899 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (LEMMA "nonneg_ceiling_is_nat") (("" (INST?) 
(("" (ASSERT) (("" (CASE "Tmax[K, TL, TR] * n!1 - Tmax[K, TL, TR] * ns!1>=0") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "Tmax[K, TL, TR]") (("2" (BOTH-SIDES "*" "Tmax[K, TL, TR]" -8) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 135 123 T NIL)) (|Sample2_TCC2| 0 (|Sample2_TCC2-1| NIL 3380809149 3395265899 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 32 30 NIL NIL)) (|Sample2_TCC3| 0 (|Sample2_TCC3-1| NIL 3380809149 3395265900 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 36 33 NIL NIL)) (|Sample_Interval| 0 (|Sample_Interval-2| NIL 3328794224 3395265903 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat): FORALL(k:nat): Sample!1(n+k+1)>=Sample!1(n)+k*Tmin+Tmin") (("1" (INST -1 "n!1") (("1" (INST -1 "floor(duration!1 / Tmin)") (("1" (CASE "floor(duration!1 / Tmin) * Tmin + Tmin>=duration!1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1) (("2" (BOTH-SIDES "/" "Tmin") (("2" (NAME-REPLACE "k!1" "duration!1/Tmin") (("2" (NAME-REPLACE "tmin" "Tmin") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 311 291 T NIL) (|Sample_Interval-1| NIL 3328794193 3328794213 ("" (CASE "FORALL (n:nat): FORALL(k:nat): Sample(n+k+1)>=Sample(n)+k*Tmin+Tmin") (("1" (SKOSIMP) (("1" (INST -1 "n!1") (("1" (INST -1 "floor(duration!1 / Tmin)") (("1" (CASE "floor(duration!1 / Tmin) * Tmin + 
Tmin>=duration!1") (("1" (GRIND) NIL) ("2" (HIDE 2) (("2" (HIDE -1) (("2" (BOTH-SIDES "/" "Tmin") (("2" (NAME-REPLACE "k!1" "duration!1/Tmin") (("2" (NAME-REPLACE "tmin" "Tmin") (("2" (GRIND) NIL))))))))))))))))))) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n!1") (("1" (GRIND) NIL))))))) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1+j!1+1") (("2" (GRIND) NIL)))))))))))))) NIL) UNFINISHED NIL 18449 3410 T NIL)) (|Sample_Interval2| 0 (|Sample_Interval2-4| NIL 3380810106 3395265904 ("" (SKOSIMP) (("" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) >= Sample!1(n) + k * (K -TL)") (("1" (INST -1 "n!1") (("1" (INST -1 "k!1") NIL NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (ASSERT) (("2" (BDDSIMP) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 98 93 T NIL) (|Sample_Interval2-3| NIL 3380810094 NIL (";;; Proof Sample_Interval2-2 for formula Held_For_T.Sample_Interval2" (SKOSIMP) ((";;; Proof Sample_Interval2-2 for formula Held_For_T.Sample_Interval2" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) >= Sample!1(n) + k * (K - TL)") (("1" (INST -1 "n!1") (("1" (INST -1 "k!1") NIL))) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (ASSERT) (("2" (BDDSIMP) (("2" (GRIND) (("2" (POSTPONE) NIL)))))))))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNCHECKED NIL NIL NIL NIL NIL) (|Sample_Interval2-2| NIL 3380809875 3380810069 ("" (SKOSIMP) (("" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) >= Sample!1(n) + k * (K + TL)") (("1" (INST -1 
"n!1") (("1" (INST -1 "k!1") NIL NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (ASSERT) (("2" (BDDSIMP) (("2" (GRIND) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 19295 268 T NIL) (|Sample_Interval2-1| NIL 3380809819 3380809822 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 352 1 T SHOSTAK)) (|Sample_Interval3| 0 (|Sample_Interval3-3| NIL 3397414369 3397414373 ("" (SKOSIMP) (("" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) <= Sample!1(n) + k * (K + TR)") (("1" (INST -1 "n!1") (("1" (INST -1 "k!1") NIL NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, 
numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL)) 294 173 T NIL) (|Sample_Interval3-2| NIL 3397358620 3397358667 (";;; Proof Sample_Interval3-1 for formula Held_For_T.Sample_Interval3" (SKOLEM-TYPEPRED) ((";;; Proof Sample_Interval3-1 for formula Held_For_T.Sample_Interval3" (LEMMA "TClock_2") ((";;; Proof Sample_Interval3-1 for formula Held_For_T.Sample_Interval3" (INST -1 "Sample!1" "t!1") ((";;; Proof Sample_Interval3-1 for formula Held_For_T.Sample_Interval3" (SKOSIMP) ((";;; 
Proof Sample_Interval3-1 for formula Held_For_T.Sample_Interval3" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL))))) ("2" (HIDE -3) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (EXPAND "<=" -1) (("2" (SPLIT) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))))))))))))) ("2" (INDUCT "i") (("1" (GRIND) NIL) ("2" (SKOLEM-TYPEPRED) (("2" (FLATTEN) (("2" (SKOLEM!) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL))) ("2" (INST?) (("2" (INST?) (("2" (INST?) (("2" (ASSERT) (("2" (FLATTEN) (("2" (GRIND) (("2" (CASE "Sample!1(1 + n!2) =t!1") (("1" (REVEAL 1) (("1" (INST * "1+n!2") (("1" (GRIND) (("1" (LEMMA "T_clock_gt") (("1" (INST * "Sample!1" "1+n!2" "2+n!2") (("1" (GRIND) NIL))))))))))) ("2" (ASSERT) NIL))))))))))))))))) ("2" (ASSERT) (("2" (GRIND) NIL)))))))))))))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 4569 8 NIL NIL) (|Sample_Interval3-1| NIL 3328794615 3395265905 ("" (SKOSIMP) (("" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) <= Sample!1(n) + k * (K + TR)") (("1" (INST -1 "n!1") (("1" (INST -1 "k!1") NIL NIL)) NIL) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 79 74 T NIL)) (|TClock_2| 0 (|TClock_2-2| NIL 3329235990 3395265906 ("" (SKOSIMP) (("" (INST 1 "0" "floor(t!1/Tmin)+2") (("" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "1" "t!1") (("2" 
(TYPEPRED "Sample!1") (("2" (INST -1 "1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 129 121 NIL NIL) (|TClock_2-1| NIL 3329228695 3329235960 ("" (SKOSIMP) (("" (INST 1 "0" "floor(t!1/Tmin)+1") (("" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "0" "t!1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 615171 12400 T SHOSTAK)) (|TClock_4| 0 (|TClock_4-1| NIL 3397397606 3397397610 ("" (SKOSIMP) (("" (INST 1 "0" "floor(t!1/Tmin)+2") (("" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "1" "t!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| 
APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nonneg_floor_is_nat| APPLICATION-JUDGEMENT "nat" |floor_ceil| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|odd_plus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|Sample_Interval| FORMULA-DECL NIL |Held_For_T| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (< CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| 
NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 217 124 T NIL)) (|TClock_1| 0 (|TClock_1-5| "Updated for PVS 4.0 and new TClock theory" 3375096498 3395265910 ("" (SKOLEM-TYPEPRED) (("" (LEMMA "TClock_2") (("" (INST -1 "Sample!1" "t!1") (("" (SKOSIMP) (("" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (EXPAND "<=" -1) (("2" (SPLIT) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INDUCT "i") (("1" (GRIND) NIL NIL) ("2" (SKOLEM-TYPEPRED) (("2" (FLATTEN) (("2" (SKOLEM!) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (INST?) (("2" (INST?) (("2" (INST?) 
(("2" (ASSERT) (("2" (FLATTEN) (("2" (GRIND) (("2" (CASE "Sample!1(1 + n!2) =t!1") (("1" (REVEAL 1) (("1" (INST * "1+n!2") (("1" (GRIND) (("1" (LEMMA "T_clock_gt") (("1" (INST * "Sample!1" "1+n!2" "2+n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|T_clock_gt| FORMULA-DECL NIL |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 377 354 T SHOSTAK) (|TClock_1-4| "" 3329234856 3375091554 ("" (LEMMA "TClock_2") (("" (SKOSIMP) (("" (INST -1 "Sample!1" "t!1") (("" (SKOSIMP) (("" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "j!1") (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (HIDE -2) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "i") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (HIDE -6 -7) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (CASE "Sample!1(n!2 + 1) = t!1 OR Sample!1(n!2 + 1) > t!1") (("1" (SPLIT) (("1" (HIDE -2) (("1" (INST 1 "n!2+1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -2) (("2" (INST 1 "n!2") (("2" (ASSERT) (("2" (LEMMA "Tclock_Truth2") (("2" (INST -1 "1+n!2" "-1 - jb!1 + j!1 + n!2" "Sample!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED NIL 
44150 681 T NIL) (|TClock_1-3| "" 3329234790 3329234817 ("" (LEMMA "TClock_2") (("" (SKOSIMP) (("" (INST -1 "Sample!1" "t!1") (("" (SKOSIMP) (("" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL))))) ("2" (HIDE 2) (("2" (TYPEPRED "j!1") (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (HIDE -2) (("1" (GRIND) NIL))) ("2" (GRIND) NIL))) ("2" (GRIND) NIL))))))))) ("2" (HIDE 2) (("2" (INDUCT "i") (("1" (GRIND) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (GRIND) NIL) ("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (HIDE -6 -7) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL))))) ("2" (CASE "Sample!1(n!2 + 1) = t!1 OR Sample!1(n!2 + 1) > t!1") (("1" (SPLIT) (("1" (HIDE -2) (("1" (INST 1 "n!2+1") (("1" (ASSERT) NIL))))) ("2" (HIDE -2) (("2" (INST 1 "n!2") (("2" (ASSERT) (("2" (LEMMA "Tclock_Truth2") (("2" (INST -1 "1+n!2" "-1 - jb!1 + j!1 + n!2" "Sample!1") (("2" (ASSERT) NIL))))))))))))) ("2" (ASSERT) (("2" (GRIND) NIL))))))) ("2" (GRIND) NIL))))) ("2" (GRIND) NIL)))))))))))))))))))) NIL) UNCHECKED NIL 21545 4070 NIL NIL) (|TClock_1-2| "" 3328795328 3329234640 ("" (LEMMA "TClock_2") (("" (SKOSIMP) (("" (INST -1 "Sample!1" "t!1") (("" (SKOSIMP) (("" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "j!1") (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (HIDE -2) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "i") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (CASE "j!1=0 OR j!1>0") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (HIDE -6 -7) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (CASE "Sample!1(n!2 + 1) = t!1 OR Sample!1(n!2 + 1) > t!1") (("1" 
(SPLIT) (("1" (HIDE -2) (("1" (INST 1 "n!2+1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -2) (("2" (INST 1 "n!2") (("2" (ASSERT) (("2" (LEMMA "Tclock_Truth2") (("2" (INST -1 "1+n!2" "-1 - jb!1 + j!1 + n!2" "Sample!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED NIL 2579369 18810 T SHOSTAK) (|TClock_1-1| NIL 3328790887 3328791814 ("" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL) UNCHECKED NIL 3454 120 T SHOSTAK)) (|TClock_3| 0 (|TClock_3-3| NIL 3397397633 3397397639 ("" (SKOLEM-TYPEPRED) (("" (LEMMA "TClock_4") (("" (INST -1 "Sample!1" "t!1") (("" (SKOSIMP) (("" (CASE "FORALL(i:nat|i t!1") (("1" (INST -1 "j!1-1") (("1" (SKOSIMP) (("1" (INST 1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (EXPAND "<=" -1) (("2" (SPLIT) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INDUCT "i") (("1" (GRIND) NIL NIL) ("2" (SKOLEM-TYPEPRED) (("2" (FLATTEN) (("2" (SKOLEM!) (("2" (TYPEPRED "j!1") (("2" (EXPAND ">=" -1) (("2" (CASE "Sample!1(n!2 + 1) < t!1 OR Sample!1(n!2 + 1) >= t!1") (("1" (SPLIT) (("1" (INST 1 "n!2+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (INST?) (("2" (INST?) (("2" (INST?) 
(("2" (ASSERT) (("2" (FLATTEN) (("2" (GRIND) (("2" (CASE "Sample!1(1 + n!2) =t!1") (("1" (REVEAL 1) (("1" (INST * "1+n!2") (("1" (GRIND) (("1" (LEMMA "T_clock_gt") (("1" (INST * "Sample!1" "1+n!2" "2+n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| 
NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) NIL (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_nzint_is_nzint| APPLICATION-JUDGEMENT "nzint" |integers| NIL) (|minus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|odd_minus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|even_minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|T_clock_gt| FORMULA-DECL NIL |TClocks| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|below_induction| FORMULA-DECL NIL |bounded_nat_inductions| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|below| TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|TClock_4| FORMULA-DECL NIL |Held_For_T| NIL)) 476 335 NIL NIL) (|TClock_3-2| NIL 3397358275 3397358605 ("" (SKOSIMP) (("" (INST 1 "0" "floor(t!1/Tmin)+2") (("" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "1" "t!1") (("2" 
(TYPEPRED "Sample!1") (("2" (INST -1 "1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED ((|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nonneg_floor_is_nat| APPLICATION-JUDGEMENT "nat" |floor_ceil| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|odd_plus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|Sample_Interval| FORMULA-DECL NIL |Held_For_T| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL 
|real_types| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (< CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 385 66 T NIL) (|TClock_3-1| NIL 3397358180 3397358256 ("" (SKOSIMP) (("" (CASE "t!1<=Tmax OR t!1>Tmax") (("1" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "TClock_2") (("2" (INST?) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNFINISHED NIL 5489 47 T SHOSTAK)) (|sampleExists| 0 (|sampleExists-3| NIL 3397414401 3397414405 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (LEMMA "TClock_1") (("" (INST?) (("" (INST - "t2!1") (("1" (SKOLEM!) 
(("1" (BDDSIMP) (("1" (EXPAND "<=" -1) (("1" (BDDSIMP) (("1" (INST + "n!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (INST + "n!1-1") (("1" (INST - "n!1-1") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (CASE "n!1=0") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (CASE "n!1=0") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) 
(|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|TClock_1| FORMULA-DECL NIL |Held_For_T| NIL) (|t2!1| SKOLEM-CONST-DECL "time[K]" |Held_For_T| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |Held_For_T| NIL)) 258 174 NIL NIL) (|sampleExists-2| NIL 3397414322 3397414380 (";;; Proof sampleExists-1 for formula Held_For_T.sampleExists" (SKOSIMP) (("" (CASE "FORALL (n: nat):FORALL( k: nat): Sample!1(n + k) <= Sample!1(n) + k * (K + TR)") (("1" (INST -1 "n!1") (("1" (INST -1 "k!1") NIL))) ("2" (HIDE 2) (("2" (SKOSIMP) (("2" (INDUCT "k") (("1" (GRIND) NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2+j!1") (("2" (GRIND) NIL)))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 319 185 T NIL) (|sampleExists-1| NIL 3380627184 3395265911 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (LEMMA "TClock_1") (("" (INST?) (("" (INST - "t2!1") (("1" (SKOLEM!) 
(("1" (BDDSIMP) (("1" (EXPAND "<=" -1) (("1" (BDDSIMP) (("1" (INST + "n!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (INST + "n!1-1") (("1" (INST - "n!1-1") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (CASE "n!1=0") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (CASE "n!1=0") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 165 155 T SHOSTAK)) (|Sample_Exists1| 0 (|Sample_Exists1-2| NIL 3383230401 3395265917 ("" (SKOSIMP) (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST 1 "Sample1(tl!1)(t!1)(ns!1)") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL) ("5" (SKOSIMP) (("5" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (CASE "n!1<=1 OR n!1>1 AND n!1<=ns!1 OR n!1=ns!1+1 OR n!1>ns!1") (("1" (SPLIT) (("1" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (TYPEPRED "t!1") (("2" (GRIND) (("2" (TYPEPRED "tl!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("3" (CASE "n!1<=1 OR n!1>1 AND n!1<=ns!1 OR n!1=ns!1+1 OR n!1>ns!1") (("1" (SPLIT) (("1" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (TYPEPRED "tl!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| 
NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 543 509 T NIL) (|Sample_Exists1-1| NIL 3383230370 3383230373 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 293 1 T SHOSTAK)) (FEASIBLE1 0 (FEASIBLE1-8 "" 3328793297 3395265969 ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample!1(n)<=Sample!1(n0!1)+duration!1+delta_R AND Sample!1(n+1)>Sample!1(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample!1(n!1)>=duration!1+delta_R-Tmax+Sample!1(n0!1)") (("1" (CASE "t!1<=Sample!1(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 -1 -2 -5 -6) (("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 5245 4927 T NIL) (FEASIBLE1-7 "" 3328793050 3328793269 ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample(n)<=Sample(n0!1)+duration!1+delta_R AND Sample(n+1)>Sample(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample(n!1)>=duration!1+delta_R-Tmax+Sample(n0!1)") (("1" (CASE "t!1<=Sample(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL) ("2" (HIDE 2 -1 -2 -5 
-6) (("2" (GRIND) NIL))))) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1") (("2" (GRIND) NIL))))))))))))))))))))))) ("2" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (INST -1 "Sample(n0!1) + duration!1 + delta_R") (("2" (HIDE 2) (("2" (GRIND) NIL)))))))))))))))))))))) NIL) UNFINISHED NIL 205586 9950 T NIL) (FEASIBLE1-6 "" 3328792977 3328793034 ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample(n)<=Sample(n0!1)+duration!1+delta_R AND Sample(n+1)>Sample(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample(n!1)>=duration!1+delta_R-Tmax+Sample(n0!1)") (("1" (CASE "t!1<=Sample(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL) ("2" (HIDE 2 -1 -2 -5 -6) (("2" (GRIND) NIL))))) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1") (("2" (GRIND) NIL))))))))))))))))))))))) ("2" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (INST -1 "Sample(n0!1) + duration!1 + delta_R") (("2" (HIDE 2) (("2" (GRIND) NIL)))))))))))))))))))))) NIL) UNFINISHED NIL 35344 2420 T NIL) (FEASIBLE1-5 "" 3328792282 3328792960 ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample(n)<=Sample(n0!1)+duration!1+delta_R AND Sample(n+1)>Sample(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample(n!1)>=duration!1+delta_R-Tmax+Sample(n0!1)") (("1" (CASE "t!1<=Sample(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL) ("2" (HIDE 2 -1 -2 -5 -6) (("2" (GRIND) NIL))))) ("2" (HIDE 2) (("2" 
(HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1") (("2" (GRIND) NIL))))))))))))))))))))))) ("2" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (INST -1 "Sample(n0!1) + duration!1 + delta_R") (("2" (HIDE 2) (("2" (GRIND) NIL)))))))))))))))))))) NIL) UNFINISHED NIL 360714 1850 T NIL) (FEASIBLE1-4 "" 3328792273 NIL ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample(n)<=Sample(n0!1)+duration!1+delta_R AND Sample(n+1)>Sample(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample(n!1)>=duration!1+delta_R-Tmax+Sample(n0!1)") (("1" (CASE "t!1<=Sample(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL) ("2" (HIDE 2 -1 -2 -5 -6) (("2" (GRIND) NIL))))) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1") (("2" (GRIND) NIL))))))))))))))))))))))) ("2" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (INST -1 "Sample(n0!1) + duration!1 + delta_R") (("2" (HIDE 2) (("2" (GRIND) NIL)))))))))))))))))))) NIL) UNCHECKED NIL NIL NIL NIL NIL) (FEASIBLE1-3 "" 3328792087 3328792258 ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 164003 100 T SHOSTAK) (FEASIBLE1-2 NIL 3328792072 NIL ("" (SKOSIMP) (("" (EXPAND "Feasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (CASE "EXISTS (n:nat): Sample(n)<=Sample(n0!1)+duration!1+delta_R AND Sample(n+1)>Sample(n0!1)+duration!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (TYPEPRED "Sample") (("1" (INST -1 "n0!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (EXPAND "Tmin") (("1" (EXPAND "Tmax") (("1" (CASE "Sample(n!1)>=duration!1+delta_R-Tmax+Sample(n0!1)") (("1" (CASE 
"t!1<=Sample(n0!1)+delta_R+delta_L-Tmax") (("1" (GRIND) NIL) ("2" (HIDE 2 -1 -2 -5 -6) (("2" (GRIND) NIL))))) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -6 -7 -9 -8) (("2" (TYPEPRED "Sample") (("2" (INST -1 "n!1") (("2" (GRIND) NIL))))))))))))))))))))))) ("2" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (INST -1 "Sample(n0!1) + duration!1 + delta_R") (("2" (HIDE 2) (("2" (GRIND) NIL)))))))))))))))))))) NIL) UNCHECKED NIL NIL NIL NIL NIL) (FEASIBLE1-1 NIL 3328791021 3328791024 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 3233 150 NIL SHOSTAK)) (FLOOR_REAL1 0 (FLOOR_REAL1-1 NIL 3380036143 3395265970 ("" (GRIND) NIL NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 20 19 T SHOSTAK)) (FLOOR_REAL2 0 (FLOOR_REAL2-1 NIL 3380036331 3395265970 ("" (GRIND) NIL NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 11 9 T SHOSTAK)) (FLOOR_REAL3 0 (FLOOR_REAL3-1 NIL 3380037181 3395265971 ("" (SKOSIMP) (("" (BOTH-SIDES "*" "c!1" -1) (("" (BOTH-SIDES "/" "a!1" -1) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 94 87 T SHOSTAK)) (FLOOR_REAL4 0 (FLOOR_REAL4-1 NIL 3380040296 3395265972 ("" (GRIND) (("" (BOTH-SIDES "*" "c!1" -6) (("" (GRIND) (("" (BOTH-SIDES "/" "a!1" -6) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 154 143 T SHOSTAK)) (FLOOR_TRUTH 0 (FLOOR_TRUTH-1 NIL 3328794797 3395265973 ("" (SKOSIMP) (("" (TYPEPRED "duration!1") (("" (EXPAND "Tmax") (("" (CASE "(duration!1-delta_L)/(K+TR)>0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (CASE "duration!1-delta_L>0") (("1" (CASE "K+TR>0") (("1" (GRIND) (("1" (BOTH-SIDES "*" "K+TR" 1) (("1" (CASE "(duration!1 - delta_L) / (K + TR) * (K + TR)=duration!1 - delta_L") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (NAME-REPLACE "k!1" "K+TR") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| 
TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 130 122 T NIL)) (FLOOR_TRUTH1 0 (FLOOR_TRUTH1-1 NIL 3379783270 3395265974 ("" (SKOLEM-TYPEPRED) (("" (TYPEPRED "floor((duration!1 - delta_L) / Tmin)") (("" (LEMMA "posreal_div_posreal_is_posreal") (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 35 32 T SHOSTAK)) (FLOOR_COMMON_TCC1 0 (FLOOR_COMMON_TCC1-1 NIL 3383230019 3395265974 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 34 31 NIL NIL)) (FLOOR_COMMON 0 (FLOOR_COMMON-1 NIL 3383230474 3395265975 ("" (SKOSIMP) (("" (SPLIT) (("1" (CASE "(duration!1 - delta_L) / t!1>1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (CASE "duration!1 - delta_L> t!1 ") (("1" (GRIND) (("1" (LEMMA "div_mult_pos_lt1") (("1" (INST -1 "t!1" "1" "duration!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (TYPEPRED "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "(duration!1 + delta_R) / t!1>1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (CASE "duration!1 + delta_R> t!1") (("1" (LEMMA "div_mult_pos_lt1") (("1" (INST -1 "t!1" "1" "duration!1 + delta_R") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "t!1") (("2" (TYPEPRED "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (TYPEPRED "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 53 50 T NIL)) (CEILING_COMMON 0 (CEILING_COMMON-1 NIL 3384376350 3395265975 ("" (LEMMA "FLOOR_COMMON") (("" (SKOSIMP) (("" (INST?) 
(("" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 17 15 T SHOSTAK)) (FEASIBLE2 0 (FEASIBLE2-3 NIL 3328793477 3395265980 ("" (SKOSIMP) (("" (EXPAND "Tmax") (("" (EXPAND "Tmin") (("" (EXPAND "Feasible") (("" (SKOSIMP) (("" (NAME-REPLACE "k" "floor((duration!1 - delta_L) / (K - TL))") (("" (REPLACE -1 * LR) (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (INST 1 "n0!1+k+2") (("1" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + duration!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "duration!1-delta_L") (("2" (EXPAND "Tmin") (("2" (REVEAL -2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "duration!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5 -6) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (REVEAL -7) (("2" (GRIND) (("2" (HIDE -1) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (REVEAL -7) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "duration!1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "duration!1") (("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL NIL) ("2" (GRIND) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" 
(INST -1 "duration!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL)) 549 514 T NIL) (FEASIBLE2-2 NIL 3328793443 3328793452 ("" (SKOSIMP) (("" (EXPAND "Tmax") (("" (EXPAND "Tmin") (("" (EXPAND "Feasible") (("" (NAME-REPLACE "k" "floor((duration!1 - delta_L) / (K - TL))") (("1" (REPLACE -1 * LR) (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" (INST 1 "n0!1+k+2") (("1" (SPLIT) (("1" (CASE "Sample(n0!1 + k + 2) >= Sample(n0!1 + 1) + duration!1 - delta_L") (("1" (GRIND) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "n0!1+1" "duration!1-delta_L") (("2" (EXPAND "Tmin") (("2" (REVEAL -2) (("2" (GRIND) NIL))))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "duration!1") (("3" (GRIND) NIL))))))) ("2" (CASE "Sample(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample(n0!1+k+2)<=Sample(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5 -6) (("2" (TYPEPRED "Sample") (("2" (TYPEPRED "Sample") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) (("2" (REVEAL -7) (("2" (GRIND) NIL))))))))))) ("2" (HIDE -1) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (REVEAL -7) (("2" (GRIND) NIL))))))))))))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "duration!1") (("3" (GRIND) NIL))))) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "duration!1") (("4" (GRIND) NIL))))))) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "n0!1" "k") (("1" (GRIND) NIL) ("2" (GRIND) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) NIL))))))))))))) ("3" (LEMMA "FLOOR_TRUTH") 
(("3" (INST -1 "duration!1") (("3" (GRIND) NIL))))))))) ("2" (GRIND) (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "duration!1") (("2" (GRIND) NIL))))))))))))))) ("2" (GRIND) NIL)))))))))) NIL) UNFINISHED NIL 7753 2130 T NIL) (FEASIBLE2-1 NIL 3328793390 3328793402 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 12110 120 T SHOSTAK)) (|Kmin_TCC1| 0 (|Kmin_TCC1-1| NIL 3382178578 3395265981 ("" (SKOLEM-TYPEPRED) (("" (LEMMA "nonneg_floor_is_nat") (("" (INST?) (("" (TYPEPRED "Tmax[K, TL, TR]") (("" (ASSERT) (("" (LEMMA "nnreal_div_posreal_is_nnreal") (("" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 37 35 T NIL)) (|Kmax_TCC1| 0 (|Kmax_TCC1-1| NIL 3382178578 3395265981 ("" (SKOLEM-TYPEPRED) (("" (LEMMA "nonneg_floor_is_nat") (("" (INST?) (("" (LEMMA "nnreal_div_posreal_is_nnreal") (("" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 11 10 T NIL)) (|TminAndKmax| 0 (|TminAndKmax-1| NIL 3382179624 3395265993 ("" (SKOLEM-TYPEPRED) (("" (EXPAND* "Kmin" "Kmax") (("" (SPLIT) (("1" (FLATTEN) (("1" (SPLIT) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmin)") (("1" (BOTH-SIDES "*" "Tmin[K, TL, TR]" -2) (("1" (LEMMA "div_cancel2") (("1" (INST? -) (("1" (REPLACE -1 *) (("1" (BOTH-SIDES "/" "(1 + floor((d!1 - delta_L)/Tmin))" -3) (("1" (LEMMA "div_cancel1") (("1" (INST - "(1 + floor((d!1 - delta_L) / Tmin))" "Tmin") (("1" (REPLACE -1 *) (("1" (BOTH-SIDES "+" "1" -5) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -4) (("2" (LEMMA "both_sides_div_pos_lt1") (("2" (INST?) (("1" (BDDSIMP) NIL NIL) ("2" (LEMMA "nonneg_floor_is_nat") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nnreal_div_posreal_is_nnreal") (("2" (INST?) 
NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (FLATTEN) (("2" (REPLACE -1 *) (("2" (BOTH-SIDES "*" "(1 + floor((d!1 - delta_L) / Tmax))" +) (("1" (LEMMA "div_cancel2") (("1" (INST?) (("1" (REPLACE -1 * LR) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "div_mult_pos_ge2") (("2" (INST?) (("1" (BDDSIMP) NIL NIL) ("2" (LEMMA "nonneg_floor_is_nat") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nnreal_div_posreal_is_nnreal") (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (FLATTEN) (("2" (TYPEPRED "floor((d!1 - delta_L) / Tmin)") (("2" (EXPAND ">=" -3) (("2" (EXPAND "<=" -3) (("2" (SPLIT) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "*" "(1 + floor((d!1 - delta_L) / Tmax))" -3) (("1" (LEMMA "div_cancel2") (("1" (INST?) (("1" (REPLACE -1 * :HIDE? T) (("1" (BOTH-SIDES "/" "Tmin" -3) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmin" "(1 + floor((d!1 - delta_L) / Tmax))") (("1" (REPLACE -1 * :HIDE? T) (("1" (LEMMA "both_sides_div_pos_le2") (("1" (INST?) (("1" (INST - "Tmin") (("1" (HIDE 2) (("1" (BDDSIMP) (("1" (CASE "floor((d!1 - delta_L) / Tmax)<=floor((d!1 - delta_L) / Tmin)") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "div_mult_pos_lt1") (("2" (INST?) (("1" (BDDSIMP) NIL NIL) ("2" (LEMMA "nonneg_floor_is_nat") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nnreal_div_posreal_is_nnreal") (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BOTH-SIDES "*" "(1 + floor((d!1 - delta_L) / Tmax))" -1) (("1" (LEMMA "div_cancel2") (("1" (INST?) 
(("1" (REPLACE -1 * LR) (("1" (BDDSIMP) (("1" (HIDE -1) (("1" (BOTH-SIDES "/" "Tmin" -) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmin" "(1 + floor((d!1 - delta_L) / Tmax))") (("1" (REPLACE -1 * LR) (("1" (LEMMA "floor_int") (("1" (INST - "(d!1 - delta_L) / Tmin") (("1" (REPLACE -1 * LR) (("1" (LEMMA "div_cancel2") (("1" (INST?) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "(1 + floor((d!1 - delta_L) / Tmax))") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE -1) (("2" (BOTH-SIDES "/" "Tmin" -) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmin" "(1 + floor((d!1 - delta_L) / Tmax))") (("1" (REPLACE -1 * :HIDE? T) (("1" (LEMMA "floor_int") (("1" (INST - "(d!1 - delta_L) / Tmin") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "(1 + floor((d!1 - delta_L) / Tmax))") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 1196 1121 T SHOSTAK)) (FEASIBLE21_NEW 0 (FEASIBLE21_NEW-1 NIL 3379437836 3395265998 ("" (SKOSIMP) (("" (EXPAND "Tmax") (("" (EXPAND "Tmin") (("" (EXPAND "NewFeasible") (("" (SKOSIMP) (("" (NAME-REPLACE "k" "floor((d!1-delta_L)/(K-TL))") (("" (SKOSIMP) (("" (ASSERT) (("" (INST 1 "n0!1+k+2") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + d!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "d!1-delta_L") (("2" (EXPAND "Tmin") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL NIL) ("2" (HIDE 2) 
(("2" (HIDE -1 -2 -3 -4 -5) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "d!1") (("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL)) 496 466 T SHOSTAK)) (FEASIBLE21_NEW1 0 (FEASIBLE21_NEW1-3 NIL 3381944632 3395266003 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST 1 "n0!1+floor((d!1 - delta_L) / Tmax) + 2") (("1" (SKOSIMP) (("1" (ASSERT) (("1" (SPLIT) (("1" (CASE "Sample!1(1 + floor((d!1 - delta_L) / Tmin) + n0!1) - t!1 >=d!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -3) (("2" (CASE "Sample!1(1 + floor((d!1 - delta_L) / Tmin) + n0!1)-Sample!1(1 + n0!1)>=floor((d!1 - delta_L) / Tmin)*Tmin") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "1 + n0!1" "floor((d!1 - delta_L) / Tmin)") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "FLOOR_TRUTH1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA 
"FLOOR_TRUTH1") (("3" (INST?) (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (NAME-REPLACE "kmin" "floor((d!1 - delta_L) / Tmax)") (("2" (CASE "Sample!1(n0!1+kmin)-t!1<=kmin*(K+TR)") (("1" (CASE "Sample!1(n0!1+kmin+2)<=Sample!1(n0!1+kmin)+2*(K+TR)") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1+kmin" "2") (("2" (HIDE 2) (("2" (TYPEPRED "n0!1") (("2" (TYPEPRED "kmin") (("2" (CASE "kmin>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 1) (("2" (EXPAND "kmin") (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (EXPAND "kmin") (("3" (LEMMA "FLOOR_TRUTH") (("3" (INST?) (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (HIDE 2) (("4" (EXPAND "kmin") (("4" (LEMMA "FLOOR_TRUTH") (("4" (INST?) (("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "kmin") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (EXPAND "kmin") (("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "kmin") (("3" (LEMMA "FLOOR_TRUTH") (("3" (INST?) (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
(("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 538 505 T NIL) (FEASIBLE21_NEW1-2 NIL 3381944400 3381944611 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST 1 "floor((d!1 - delta_L) / Tmin)+2") (("1" (SKOSIMP) (("1" (CASE "t!1<=Tmin") (("1" (TYPEPRED "t!1") (("1" (CASE "t!1-Sample!1(n0!1)<=Tmin") (("1" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 17661 725 T NIL) (FEASIBLE21_NEW1-1 NIL 3381940813 3381944346 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST 1 "floor((d!1 - delta_L) / Tmin)+2") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST?) (("1" (ASSERT) (("1" (CASE "Sample!1(2 + floor((d!1 - delta_L) / Tmin))<=d!1+delta_R") (("1" (CASE "t!1>=0") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "t!1") (("2" (PROPAX) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE 2) (("2" (CASE "Sample!1(floor((d!1 - delta_L) / Tmin))=floor((d!1 - delta_L) / Tmin) * Tmin") (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 106335 1697 T SHOSTAK)) (FEASIBLE21_NEW2 0 (FEASIBLE21_NEW2-1 NIL 3382260075 3395266004 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (ASSERT) (("" (SPLIT) (("1" (LEMMA "FEASIBLE21_NEW") (("1" (INST?) (("1" (ASSERT) (("1" (HIDE 2) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FEASIBLE21_NEW1") (("2" (INST?) 
(("2" (ASSERT) (("2" (EXPAND "Kmax") (("2" (EXPAND "Kmin") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 139 131 T SHOSTAK)) (|lt_leq_prop| 0 (|lt_leq_prop-1| NIL 3380877294 3395266005 ("" (SKOLEM!) (("" (FLATTEN) (("" (CASE "t!1+Tmax >t1!1") (("1" (INST-CP - "0") (("1" (ASSERT) (("1" (INST - "t1!1-t!1+(Tmax +t!1 - t1!1)/2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 50 46 T SHOSTAK)) (|NewFeasibleAnddMinusDeltaL| 0 (|NewFeasibleAnddMinusDeltaL-1| NIL 3380872443 3395266020 ("" (SKOLEM!) (("" (FLATTEN) (("" (SKOLEM!) (("" (EXPAND "NewFeasible") (("" (SIMPLIFY) (("" (ASSERT) (("" (CASE "FORALL (x:{x:nnreal|xTmax") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "max(x!1, Tmin) - Tmax + Tmax * n!2 >= Tmax+n!1*Tmax") (("1" (BOTH-SIDES "/" "Tmax" -1) (("1" (ASSERT) (("1" (CASE "Tmax>max(x!1,Tmin)") (("1" (ASSERT) (("1" (CASE "max(x!1, Tmin) /Tmax<1") (("1" (ASSERT) (("1" (CASE "n!1+1<=n!2") (("1" (CASE "n!1 + 1 < n!2 OR n!1 + 1 = n!2") (("1" (SPLIT) (("1" (HIDE -2) (("1" (CASE "max(x!1, Tmin)+d!1-delta_L <= d!1 + delta_R") (("1" (HIDE 1 3) (("1" (REVEAL -4) (("1" (LIFT-IF) (("1" (ASSERT) (("1" (SIMPLIFY) (("1" (TYPEPRED "n!1") (("1" (CASE "FORALL (t: time[K] | t >= IF 0 <= n!1 THEN 0 * Tmax ELSE max(x!1, Tmin) - Tmax ENDIF AND t <= IF 1 <= n!1 THEN Tmax ELSE max(x!1, Tmin) ENDIF): max(x!1, Tmin) - t - Tmax + Tmax * n!2 >= d!1 - delta_L AND max(x!1, Tmin) - t - Tmax + Tmax * n!2 <= d!1 + delta_R") (("1" (HIDE -3) (("1" (INST -1 "0") (("1" (ASSERT) (("1" (CASE "n!2>=n!1+2") (("1" (ASSERT) (("1" (CASE "max(x!1,Tmin)>=x!1") (("1" (ASSERT) (("1" (BOTH-SIDES "*" "Tmax" -2) 
(("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (INST -2 "t!1") (("2" (ASSERT) (("2" (SIMPLIFY) (("2" (TYPEPRED "t!1") (("2" (CASE "t!1>0 or t!1=0") (("1" (SPLIT) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (REPLACE -1 * LR) (("2" (SIMPLIFY) (("2" (REVEAL -1) (("2" (CASE "max(x!1, Tmin) - Tmax + Tmax * n!2 > d!1 + delta_R") (("1" (INST -2 "(max(x!1, Tmin) - Tmax + Tmax * n!2 -(d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "(n!1+2)*Tmax<=n!2*Tmax") (("1" (ASSERT) NIL NIL) ("2" (CASE "n!1+2<=n!2") (("1" (ASSERT) (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (BOTH-SIDES "/" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "x!1> Tmin OR x!1=Tmin OR x!1Sample!1(n0!1)+d!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "t!1<=Sample!1(n0!1)+delta_R+delta_L-Tmax") (("1" (CASE "Sample!1(n!1)>=d!1+delta_R-Tmax+Sample!1(n0!1)") (("1" (EXPAND "Tmax") (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (EXPAND "Tmax") (("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n0!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| 
TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 204 192 T SHOSTAK)) (FEASIBLE21_STRONGEST 0 (FEASIBLE21_STRONGEST-1 NIL 3379520193 3395266028 ("" (SKOSIMP) (("" (EXPAND "Tmin") (("" (EXPAND "Tmax") (("" (EXPAND "Feasible_Strongest") (("" (NAME-REPLACE "k" "floor((d!1 - delta_L) / (K - TL))") (("" (INST 1 "k+2") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + d!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "d!1-delta_L") (("2" (EXPAND "Tmin") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "d!1") (("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| 
CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 565 531 T SHOSTAK)) (FLOOR_TRUTH2 0 (FLOOR_TRUTH2-2 "" 3380037040 3395266040 ("" (SKOSIMP) (("" (CASE "floor((d!1 - delta_L) / Tmin) > floor((d!1 - delta_L) / Tmax) OR floor((d!1 - delta_L) / Tmin) = floor((d!1 - delta_L) / Tmax) OR floor((d!1 - delta_L) / Tmin) < floor((d!1 - delta_L) / Tmax)") (("1" (SPLIT) (("1" (HIDE 1) (("1" (CASE "exists (t:time|t<=Tmax AND t>=Tmin): floor((d!1 - delta_L) / t)=(d!1 - delta_L) / t") (("1" (SKOSIMP) (("1" (INST -3 "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -2) (("2" (INST 1 "(d!1-delta_L)/floor((d!1 - delta_L) / Tmin)") (("1" (HIDE -1) (("1" (GRIND) (("1" (CASE "(d!1 - delta_L) /((d!1 - delta_L) / floor((d!1 - delta_L) / (K -TL)))=floor((d!1 - delta_L) / (K -TL))") (("1" (REPLACE -1 * LR) (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SPLIT) (("1" (HIDE -1) (("1" (GRIND) (("1" (TYPEPRED "d!1") (("1" (GRIND) (("1" (LEMMA "FLOOR_TRUTH1") (("1" (INST -1 "d!1") (("1" (GRIND) (("1" (BOTH-SIDES "*" "floor((d!1 - delta_L) / (K - TL))" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("2" (LEMMA "FLOOR_REAL2") (("2" (INST -1 "(d!1 - delta_L) / (K - TL)" "(d!1 - delta_L) / (K + TR)") (("1" (ASSERT) (("1" (HIDE -2) (("1" (LEMMA "FLOOR_REAL3") (("1" (INST -1 "floor((d!1 - delta_L) / (K - TL))" "(K + TR)" "(d!1 - delta_L)") (("1" (GRIND) NIL NIL) ("2" (SPLIT) (("1" (LEMMA "FLOOR_TRUTH1") (("1" (GRIND) NIL NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH1") (("2" (GRIND) (("2" (CASE "(d!1 - delta_L) / (K + TR)>0") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 -2 2 3) (("2" (CASE "d!1-delta_L>0") (("1" (CASE "K+TR>0") (("1" (BOTH-SIDES "/" "K+TR" -2) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) 
NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "d!1") (("2" (TYPEPRED "delta_L") (("2" (GRIND) (("2" (TYPEPRED "TR") (("2" (TYPEPRED "K") (("2" (GRIND) (("2" (CASE "d!1-delta_L>0") (("1" (CASE "K+TR>0") (("1" (BOTH-SIDES "/" "K+TR" -2) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (CASE "d!1-delta_L>0") (("1" (CASE "K-TL>0") (("1" (BOTH-SIDES "/" "K-TL" -2) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) (("3" (GRIND) (("3" (HIDE -1) (("3" (CASE "floor((d!1 - delta_L) / (K - TL)) <= (d!1 - delta_L) / (K - TL)") (("1" (GRIND) (("1" (LEMMA "FLOOR_REAL4") (("1" (INST -1 "floor((d!1 - delta_L) / (K - TL))" "K-TL" "d!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (ASSERT) (("2" (GRIND) (("1" (LEMMA "FLOOR_TRUTH1") (("1" (GRIND) (("1" (REVEAL -3) (("1" (CASE "floor((d!1 - delta_L) / (K + TR))>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (LEMMA "FLOOR_TRUTH") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("2" (HIDE 2) (("2" (NAME-REPLACE "z!1" "(d!1 - delta_L) / (K - TL)") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL)) NIL) ("2" (PROPAX) NIL NIL) ("3" (HIDE -2 1) (("3" (GRIND) (("3" (NAME-REPLACE "a!1" "(d!1 - delta_L) / (K - TL)") (("3" (NAME-REPLACE "a!2" "(d!1 - delta_L) / (K + TR)") (("3" (GRIND) (("3" (CASE "a!1>a!2") (("1" (GRIND) NIL NIL) ("2" (HIDE -1) (("2" (GRIND) (("2" (REVEAL -2 -3) (("2" (GRIND) (("2" (CASE "(d!1 - delta_L) / (K - TL)>(d!1- delta_L) / (K + TR)") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2) (("2" (GRIND) (("2" (TYPEPRED "TL") (("2" (TYPEPRED "TR") (("2" (CASE "1/(K-TL)>1/(K+TR)") (("1" (GRIND) (("1" (CASE "d!1-delta_L>0") (("1" (CASE 
"FORALL (a,b,c:posreal): 1/b>1/c IMPLIES a/b >a/c") (("1" (INST -1 "d!1 - delta_L" "K - TL" "K + TR") (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE -1 -2 -3 -4 -5 -6 2) (("2" (GRIND) (("2" (BOTH-SIDES "/" "a!3" 1) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) (("2" (HIDE 2) (("2" (GRIND) (("2" (CASE "K+TR>K-TL") (("1" (GRIND) (("1" (CASE "FORALL (a,b:posreal): a>b IMPLIES 1/b > 1/a") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 -2 -3 -4 -5 2) (("2" (GRIND) (("2" (BOTH-SIDES "/" "b!1" -5) (("1" (BOTH-SIDES "/" "a!3" -5) (("1" (GRIND) NIL NIL) ("2" (GRIND) (("2" (BOTH-SIDES "*" "a!3" -1) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 1172 1101 T SHOSTAK) (FLOOR_TRUTH2-1 NIL 3379877634 3380028180 ("" (SKOSIMP) (("" (CASE "floor((d!1 - delta_L) / Tmin) > floor((d!1 - delta_L) / Tmax) OR floor((d!1 - delta_L) / Tmin) = floor((d!1 - delta_L) / Tmax) OR floor((d!1 - delta_L) / Tmin) < floor((d!1 - delta_L) / Tmax)") (("1" (SPLIT) (("1" (HIDE 1) (("1" (CASE "exists (t:time|t<=Tmax AND t>=Tmin): floor((d!1 - delta_L) / t)=(d!1 - delta_L) / t") (("1" (SKOSIMP) (("1" (INST -3 "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -2) (("2" (INST 1 "(d!1-delta_L)/floor((d!1 - delta_L) / Tmin)") (("1" (HIDE -1) (("1" (GRIND) (("1" (CASE "(d!1 - delta_L) /((d!1 - delta_L) / floor((d!1 - delta_L) / (K -TL)))=floor((d!1 - delta_L) / (K -TL))") (("1" (REPLACE -1 * LR) (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SPLIT) (("1" (HIDE -1) (("1" (GRIND) (("1" (TYPEPRED "d!1") (("1" (GRIND) (("1" (LEMMA 
"FLOOR_TRUTH1") (("1" (INST -1 "d!1") (("1" (GRIND) (("1" (BOTH-SIDES "*" "floor((d!1 - delta_L) / (K - TL))" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("2" (POSTPONE) NIL NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (PROPAX) NIL NIL) ("3" (HIDE -2 1) (("3" (GRIND) (("3" (NAME-REPLACE "a!1" "(d!1 - delta_L) / (K - TL)") (("3" (NAME-REPLACE "a!2" "(d!1 - delta_L) / (K + TR)") (("3" (GRIND) (("3" (CASE "a!1>a!2") (("1" (GRIND) NIL NIL) ("2" (HIDE -1) (("2" (GRIND) (("2" (REVEAL -2 -3) (("2" (GRIND) (("2" (CASE "(d!1 - delta_L) / (K - TL)>(d!1- delta_L) / (K + TR)") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2) (("2" (GRIND) (("2" (TYPEPRED "TL") (("2" (TYPEPRED "TR") (("2" (GRIND) (("2" (GRIND) (("2" (CASE " 1 / (K - TL) > 1 / (K + TR)") (("1" (GRIND) (("1" (BOTH-SIDES "*" "d!1-delta_L") (("1" (GRIND) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 51264 1199 T SHOSTAK)) (GT_LEQ_PROP 0 (GT_LEQ_PROP-1 NIL 3386241002 3395266040 ("" (SKOSIMP) (("" (CASE "t!1>t1!1") (("1" (HIDE 1) (("1" (INST -2 "(t!1-t1!1)/2") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 27 25 T SHOSTAK)) (GT_LEQ_PROP1 0 (GT_LEQ_PROP1-2 NIL 3386330234 3395266041 ("" (SKOSIMP) (("" (INST -1 "min((t!1-t1!1)/2,t3!1)") (("1" (CASE "(t!1-t1!1)/2>= t3!1 OR (t!1-t1!1)/2= t3!1 OR (t!1-t1!1)/2 t3!1 OR (t!1-t1!1)/2=t3!1") (("1" (SPLIT) (("1" (HIDE -2) (("1" (ASSERT) (("1" (TYPEPRED "t3!1") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (ASSERT) (("2" (CASE 
"min((t!1-t1!1)/2,t3!1)=(t!1-t1!1)/2") (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (TYPEPRED "t3!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 80 74 T NIL) (GT_LEQ_PROP1-1 NIL 3386328724 3386329961 ("" (SKOSIMP) (("" (INST -1 "min((t!1-t1!1)/2,t2!1)") (("1" (CASE "(t!1-t1!1)/2>= t2!1 OR (t!1-t1!1)/2= t2!1 OR (t!1-t1!1)/2 t2!1 OR (t!1-t1!1)/2=t2!1") (("1" (SPLIT) (("1" (HIDE -2) (("1" (ASSERT) (("1" (TYPEPRED "t2!1") (("1" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (ASSERT) (("2" (CASE "min((t!1-t1!1)/2,t2!1)=(t!1-t1!1)/2") (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (TYPEPRED "t2!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 290552 990 T SHOSTAK)) (PERFECT_CLOCK_CASE2A_1 0 (PERFECT_CLOCK_CASE2A_1-2 NIL 3388685287 3395266071 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "floor((d!1 - delta_L) / Tmin)") (("" (CASE "floor((d!1 - delta_L) / Tmin) < (d!1 - delta_L) / Tmin OR floor((d!1 - delta_L) / Tmin) = (d!1 - delta_L) / Tmin") (("1" (SPLIT) (("1" (HIDE 1) (("1" (CASE "floor((d!1 - delta_L) / t!1) * t!1 < d!1 - delta_L OR floor((d!1 - delta_L) / t!1) * t!1 = d!1 - delta_L OR floor((d!1 - delta_L) / t!1) * t!1 > d!1 - delta_L") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (HIDE 1) (("2" (LEMMA "Sample_Exists1") (("2" (INST -1 "floor((d!1 - delta_L) / t!1)" "t!1" "max(t!1-(2*Tmax-delta_L-delta_R)/2,Tmin)") (("1" (SKOSIMP) (("1" (EXPAND "NewFeasible") (("1" (INST -12 "Sample!1") (("1" (INST -12 "0") (("1" (SKOSIMP) (("1" (CASE "n!1floor((d!1 - delta_L) / t!1)+1") (("1" (SPLIT) (("1" (HIDE -6) (("1" (INST -12 "Sample!1(1)") (("1" (REPLACE -3 * LR) (("1" (CASE "Sample!1(n!1) 0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "posreal_mult_closed") (("2" (INST -1 "floor((d!1 - delta_L) / t!1) + 1 - n!1" "K-TL") (("2" (GRIND) NIL NIL)) 
NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (LEMMA "FLOOR_COMMON") (("3" (INST?) (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (CASE "Tmin>=t!1 - (2 * Tmax - delta_L - delta_R) / 2 OR Tmin0") (("1" (GRIND) NIL NIL) ("2" (HIDE 1) (("2" (REVEAL -8) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "t!1 - (-1 * delta_L - delta_R + 2 * Tmax) / 20") (("1" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -5) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -6) (("2" (INST -12 "Sample!1(1)") (("1" (REPLACE -3 * LR) (("1" (CASE "max(t!1 - (2 * Tmax - delta_L - delta_R) / 2, Tmin)d!1 + delta_R") (("1" (LEMMA "GT_LEQ_PROP1") (("1" (INST -1 "Sample!1(n!1)" "d!1+delta_R" "Sample!1(1)") (("1" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13) (("2" (SKOSIMP) (("2" (INST -2 "x!1") (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -13) (("2" (CASE "Sample!1(n!1)>=Sample!1(floor((d!1 - delta_L) / t!1) + 2)") (("1" (CASE "Sample!1(floor((d!1 - delta_L) / t!1) + 2)>d!1 + delta_R") (("1" (HIDE -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 -14) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -5) (("2" (CASE "(floor((d!1 - delta_L) / t!1) - 1) * t!1 + Tmax + max(t!1 - (2 * Tmax - delta_L - delta_R) / 2, Tmin) + (floor((d!1 - delta_L) / t!1) + 2 - floor((d!1 - delta_L) / t!1) - 1) * Tmax>d!1+delta_R") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12) (("2" (GRIND) (("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "2 + floor((d!1 - delta_L) / t!1)" 
"n!1-(2 + floor((d!1 - delta_L) / t!1))") (("1" (CASE "(n!1 - (2 + floor((d!1 - delta_L) / t!1))) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "n!1 - (2 + floor((d!1 - delta_L) / t!1))" "K-TL") (("2" (TYPEPRED "TL") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "FLOOR_COMMON") (("2" (INST?) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (ASSERT) (("3" (LEMMA "FLOOR_COMMON") (("3" (INST?) (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_COMMON") (("2" (INST?) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -5) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (HIDE -7) (("2" (TYPEPRED "t!1") (("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL) ("3" (LEMMA "FLOOR_COMMON") (("3" (INST?) (("3" (CASE "floor((d!1 - delta_L) / t!1) < 1 OR floor((d!1 - delta_L) / t!1) = 1 OR floor((d!1 - delta_L) / t!1) > 1") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (HIDE 1) (("2" (REPLACE -1 * LR) (("2" (TYPEPRED "t!1") (("2" (TYPEPRED "d!1") (("2" (HIDE -16) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 1) (("3" (TYPEPRED "floor((d!1 - delta_L) / t!1)") (("3" (HIDE -2 -4 -5 -6 -7 -8 -9) (("3" (GRIND) (("3" (CASE "floor((d!1 - delta_L) / t!1) > (d!1 - delta_L)/t!1") (("1" (GRIND) NIL NIL) ("2" (HIDE -1) (("2" (LEMMA "div_mult_pos_gt1") (("2" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1)" "d!1 - delta_L") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) NIL (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) 
(|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 3078 2895 T NIL) (PERFECT_CLOCK_CASE2A_1-1 NIL 3387972175 3388685270 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "floor((d!1 - delta_L) / Tmin)") (("" (CASE "floor((d!1 - delta_L) / Tmin) < (d!1 - delta_L) / Tmin OR floor((d!1 - delta_L) / Tmin) = (d!1 - delta_L) / Tmin") (("1" (SPLIT) (("1" (HIDE 1) (("1" (CASE "floor((d!1 - delta_L) / t!1) * t!1 < d!1 - delta_L OR floor((d!1 - delta_L) / t!1) * t!1 = d!1 - delta_L OR floor((d!1 - delta_L) / t!1) * t!1 > d!1 - delta_L") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (HIDE 1) (("2" (LEMMA "Sample_Exists1") (("2" (INST -1 "floor((d!1 - delta_L) / t!1)" "t!1" "max(t!1-(2*Tmax-delta_L-delta_R)/2,Tmin)") (("1" (SKOSIMP) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 453 75 T NIL)) (PERFECT_CLOCK_CASE2A_2 0 (PERFECT_CLOCK_CASE2A_2-3 NIL 3388681358 3395266130 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (CASE "Kmax(d!1)< Kmin(d!1) + 1 OR Kmax(d!1) = Kmin(d!1) + 1 OR Kmax(d!1) > Kmin(d!1) + 1") (("1" (BDDSIMP) (("1" (HIDE -5) (("1" (CASE "Kmax(d!1) = Kmin(d!1)") (("1" (HIDE 1) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (HIDE -2) (("1" (CASE "TmaxTmin") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (PROPAX) NIL NIL) ("3" (HIDE 1) (("3" (CASE "floor((d!1 - delta_L) / Tmax)* Tmaxd!1 - delta_L") (("1" (SPLIT) (("1" (CASE "floor((d!1 - delta_L) / Tmax) * Tmax = Kmin(d!1)") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4) (("2" (GRIND) (("2" (HIDE 2) (("2" (LEMMA "FLOOR_REAL1") (("2" (INST?) 
(("1" (BDDSIMP) (("1" (HIDE 2) (("1" (LEMMA "both_sides_div_pos_lt2") (("1" (INST -1 "K + TR" "K-TL" "d!1-delta_L") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "d!1") (("2" (GRIND) (("2" (CASE " (d!1 - delta_L) / (K + TR)>1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (BOTH-SIDES "/" "K+TR" -4) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (TYPEPRED "d!1") (("3" (CASE "d!1 - delta_L > K -TL") (("1" (LEMMA "both_sides_div_pos_lt1") (("1" (INST -1 "K-TL" "K-TL" "d!1 - delta_L") (("1" (BDDSIMP) (("1" (CASE "(d!1 - delta_L) / (K - TL) >1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (HIDE -2 -3 -4 -5 -6 -7) (("2" (CASE "(K - TL) / (K - TL)=1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Kmax(d!1) >= Kmin(d!1) + 2") (("1" (HIDE -2 1) (("1" (LEMMA "Sample_Exists1") (("1" (INST -1 "Kmin(d!1)+1" "(d!1-delta_L)/(Kmin(d!1)+1)" "max((d!1-delta_L)/(Kmin(d!1)+1)-(2*Tmax-delta_L-delta_R)/2,Tmin)") (("1" (SKOSIMP) (("1" (INST -10 "Sample!1") (("1" (INST -10 "0") (("1" (SKOSIMP) (("1" (INST -10 "Sample!1(1)") (("1" (REPLACE -2 * LR) (("1" (CASE "n!1Kmin(d!1)+2") (("1" (SPLIT) (("1" (HIDE -5 -6) (("1" (INST -4 "Kmin(d!1)+1") (("1" (CASE "Sample!1(n!1)<=Sample!1(Kmin(d!1) + 1)") (("1" (FLATTEN) (("1" (CASE "(Kmin(d!1) + 1 - 1) * ((d!1 - delta_L) / (Kmin(d!1) + 1))=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Kmin(d!1) + 1 >= n!1") (("1" (LEMMA "pos_times_ge") (("1" (INST -1 "Kmin(d!1) + 1 - n!1" "K-TL") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -1 -3 -4 -5 -6 -7 -8 -9 -10 2 3) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (CASE "Sample!1(n!1)= (Kmin(d!1) + 1 - 1) * ((d!1 - delta_L) / (Kmin(d!1) + 1)) + Tmax + 
max((d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2, Tmin)") (("1" (HIDE -6) (("1" (BDDSIMP) (("1" (CASE "(Kmin(d!1) + 1 - 1) * ((d!1 - delta_L) / (Kmin(d!1) + 1)) + max((d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2, Tmin)< d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 -6) (("2" (CASE "(d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2< Tmin OR (d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2>= Tmin") (("1" (SPLIT) (("1" (ASSERT) (("1" (EXPAND "max") (("1" (CASE "Tmin < (d!1 - delta_L) / (1 + Kmin(d!1))") (("1" (CASE "Kmin(d!1) * ((d!1 - delta_L) / (1 + Kmin(d!1)))+ (d!1 - delta_L) / (1 + Kmin(d!1))=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12) (("2" (HIDE 2) (("2" (ASSERT) (("2" (LEMMA "both_sides_times1") (("2" (INST -1 "d!1-delta_L" "1/ (1 + Kmin(d!1)) + Kmin(d!1) / (1 + Kmin(d!1))" "1") (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -5) (("2" (CASE "Kmax(d!1)*Tmin=d!1 - delta_L") (("1" (CASE "Tmin =(d!1 - delta_L) / Kmax(d!1)") (("1" (HIDE -2 -3 -4 -5 -6 -8 -9 -10 -11 -12) (("1" (CASE "Kmax(d!1)>1 + Kmin(d!1)") (("1" (CASE "(d!1 - delta_L) / Kmax(d!1)<(d!1 - delta_L) / (1 + Kmin(d!1))") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (LEMMA "both_sides_div_pos_gt2") (("2" (INST -1 "1 + Kmin(d!1)" "Kmax(d!1)" "d!1-delta_L") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2 3 -1) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 2 3) (("2" (REPLACE -1 * RL) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Kmax") (("2" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "max((d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2, Tmin)=(d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2") (("1" (REPLACE -1 * LR) (("1" (HIDE -1) 
(("1" (CASE "Kmin(d!1)* ((d!1 - delta_L) / (Kmin(d!1) + 1)) + (d!1 - delta_L) / (Kmin(d!1) + 1)=d!1-delta_L") (("1" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 2) (("1" (ASSERT) (("1" (CASE "Tmax*2 -delta_L - delta_R>0") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 2) (("2" (REVEAL -8 -9) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 2 3) (("2" (LEMMA "both_sides_times1") (("2" (INST -1 "d!1-delta_L" "1/ (1 + Kmin(d!1)) + Kmin(d!1) / (1 + Kmin(d!1))" "1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 2 3) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -4) (("2" (HIDE -6) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("3" (FLATTEN) (("3" (HIDE -4 -5) (("3" (CASE "Sample!1(n!1)>=Sample!1(Kmin(d!1) + 3)") (("1" (INST -5 "Kmin(d!1) + 3") (("1" (HIDE -10 -11) (("1" (REVEAL -6) (("1" (CASE "Kmin(d!1) * ((d!1 - delta_L) / (Kmin(d!1) + 1)) + max((d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2, Tmin) + Tmax*2> d!1 + delta_R") (("1" (ASSERT) (("1" (CASE "FORALL (t: time[K] | t >= Sample!1(0) AND t <= Sample!1(1)): Sample!1(n!1) - t >= d!1 - delta_L AND Sample!1(n!1) - t <= d!1 + delta_R") (("1" (INST -1 "Sample!1(0)") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -1 -3 -4 -6 -7 -8 -9 -10 -11 2) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SPLIT) (("1" (INST -2 "Sample!1(1)") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE -1) (("2" (ASSERT) (("2" (CASE "Sample!1(n!1) > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(Sample!1(n!1)-(d!1+delta_R))/2") (("1" (ASSERT) NIL NIL) ("2" (GRIND) (("2" (REVEAL -13) (("2" (GRIND) (("2" (REVEAL -6) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -6) (("2" (HIDE 
-1) (("2" (CASE "max((d!1 - delta_L) / (Kmin(d!1) + 1) - (2 * Tmax - delta_L - delta_R) / 2, Tmin) + Tmax * 2>=(d!1 - delta_L) / (Kmin(d!1) + 1)+Tmax+(delta_L+delta_R)/2") (("1" (CASE "Kmin(d!1) * ((d!1 - delta_L) / (Kmin(d!1) + 1))+(d!1 - delta_L) / (Kmin(d!1) + 1) =d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 2 3) (("2" (LEMMA "both_sides_times1") (("2" (INST -1 "d!1-delta_L" "1/ (1 + Kmin(d!1)) + Kmin(d!1) / (1 + Kmin(d!1))" "1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -4) (("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "Kmin(d!1) + 3" "(n!1-(Kmin(d!1) + 3))") (("1" (CASE "n!1>=Kmin(d!1) + 3") (("1" (CASE "(n!1 - (Kmin(d!1) + 3)) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (CASE "K-TL>0") (("1" (HIDE -3 -4 -5 -6 -7 -8 -9 -10 -11 -12) (("1" (LEMMA " pos_times_ge") (("1" (INST -1 "n!1 - (Kmin(d!1) + 3)" "K-TL") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "(d!1 - delta_L) / (1 + Kmin(d!1)) - (-1 * delta_L - delta_R + 2 * Tmax[K, TL, TR]) / 2<=Tmax") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (CASE "(d!1 - delta_L) / (1 + Kmin(d!1)) <=Tmax") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (EXPAND "Kmax") (("2" (EXPAND "Kmin") (("2" (HIDE -2 -3 -4 -5) (("2" (CASE " Tmax< (d!1 - delta_L) / (1 + floor((d!1 - delta_L) / Tmax))") (("1" (HIDE 1) (("1" (CASE "Tmax+ Tmax*floor((d!1 - delta_L) / Tmax) Tmax[K, TL, TR]") (("1" (HIDE -2 -3 -4 -5 1 2) (("1" (EXPAND "Kmin") (("1" (CASE "Tmax + Tmax * floor((d!1 - delta_L) / Tmax)< d!1-delta_L") (("1" (HIDE -2) (("1" (TYPEPRED " floor((d!1 - delta_L) / Tmax)") (("1" (LEMMA "both_sides_div_pos_lt1") (("1" (INST -1 "Tmax" "(1 + floor((d!1 - delta_L) / Tmax))*Tmax" "d!1 - 
delta_L") (("1" (CASE "(1 + floor((d!1 - delta_L) / Tmax)) * Tmax / Tmax=1 + floor((d!1 - delta_L) / Tmax)") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE -1 -2 -3 -4) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "both_sides_times_pos_lt1") (("2" (INST -1 "(1 + floor((d!1 - delta_L) / Tmax))" "Tmax" "(d!1 - delta_L) / (1 + floor((d!1 - delta_L) / Tmax))") (("1" (CASE "Tmax * (1 + floor((d!1 - delta_L) / Tmax)) < (d!1 - delta_L) / (1 + floor((d!1 - delta_L) / Tmax)) * (1 + floor((d!1 - delta_L) / Tmax))=Tmax * (1 + floor((d!1 - delta_L) / Tmax)) < (d!1 - delta_L)") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE -1 -2 2) (("2" (NAME-REPLACE "z!4" "1 + floor((d!1 - delta_L) / Tmax)") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("3" (HIDE -2 -3 2) (("3" (CASE "(d!1 - delta_L) / (1 + Kmin(d!1)) < Tmin[K, TL, TR]") (("1" (HIDE 1) (("1" (REPLACE -3 * RL) (("1" (HIDE -3) (("1" (CASE "floor((d!1 - delta_L) / Tmin) < (1 + Kmin(d!1))") (("1" (HIDE -2) (("1" (EXPAND "Kmin") (("1" (EXPAND "Kmax") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE -2) (("2" (BOTH-SIDES "/" "Tmin" -1) (("2" (ASSERT) (("2" (BOTH-SIDES "/" "1+Kmin(d!1)" 1) (("2" (ASSERT) (("2" (NAME-REPLACE "z!5" "floor((d!1 - delta_L) / Tmin)") (("2" (NAME-REPLACE "z!6" "1+Kmin(d!1)") (("2" (CASE "z!5 * Tmin / z!6 / Tmin=z!5/z!6") (("1" (REPLACE -1 * RL) (("1" (REPLACE -1 * LR) (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (HIDE -1 2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (HIDE -5) (("4" (CASE "Kmin(d!1)>0") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (LEMMA "FLOOR_COMMON") (("2" (INST?) 
(("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -5) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 5904 5563 T NIL) (PERFECT_CLOCK_CASE2A_2-2 NIL 3388681319 3388681333 ("" (SKOSIMP) (("" (CASE "Kmax(d!1)< Kmin(d!1) + 1 OR Kmax(d!1) = Kmin(d!1) + 1 OR Kmax(d!1) > Kmin(d!1) + 1") (("1" (BDDSIMP) (("1" (HIDE -5) (("1" (CASE "Kmax(d!1) = Kmin(d!1)") (("1" (HIDE 1) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (HIDE -2) (("1" (CASE "TmaxTmin") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (PROPAX) NIL NIL) ("3" (HIDE 1) (("3" (CASE "floor((d!1 - delta_L) / Tmax)* Tmaxd!1 - delta_L") (("1" (SPLIT) (("1" (CASE "floor((d!1 - delta_L) / Tmax) * Tmax = Kmin(d!1)") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4) (("2" (GRIND) (("2" (HIDE 2) (("2" (LEMMA "FLOOR_REAL1") (("2" (INST?) 
(("1" (BDDSIMP) (("1" (HIDE 2) (("1" (LEMMA "both_sides_div_pos_lt2") (("1" (INST -1 "K + TR" "K-TL" "d!1-delta_L") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "d!1") (("2" (GRIND) (("2" (CASE " (d!1 - delta_L) / (K + TR)>1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (BOTH-SIDES "/" "K+TR" -4) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (TYPEPRED "d!1") (("3" (CASE "d!1 - delta_L > K -TL") (("1" (LEMMA "both_sides_div_pos_lt1") (("1" (INST -1 "K-TL" "K-TL" "d!1 - delta_L") (("1" (BDDSIMP) (("1" (CASE "(d!1 - delta_L) / (K - TL) >1") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (HIDE -2 -3 -4 -5 -6 -7) (("2" (CASE "(K - TL) / (K - TL)=1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Kmax(d!1) >= Kmin(d!1) + 2") (("1" (HIDE -2 1) (("1" (LEMMA "Sample_Exists1") (("1" (INST -1 "Kmin(d!1)+1" "(d!1-delta_L)/(Kmin(d!1)+1)" "max((d!1-delta_L)/(Kmin(d!1)+1)-(2*Tmax-delta_L-delta_R)/2,Tmin)") (("1" (SKOSIMP) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) UNFINISHED NIL 1249 789 NIL NIL) (PERFECT_CLOCK_CASE2A_2-1 NIL 3388681308 3388681309 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 121 0 T SHOSTAK)) (PERFECT_CLOCK_CASE2A 0 (PERFECT_CLOCK_CASE2A-15 "" 3389097065 3395266139 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) 
(("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
NIL NIL)) NIL)) NIL) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 824 777 T NIL) (PERFECT_CLOCK_CASE2A-14 "" 3389096839 3389096883 (";;; Proof PERFECT_CLOCK_CASE2A-13 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SKOLEM-TYPEPRED) ((";;; Proof PERFECT_CLOCK_CASE2A-13 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (FLATTEN) ((";;; Proof PERFECT_CLOCK_CASE2A-13 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN0") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL))))))))) ("2" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))) ("2" (HIDE 2) (("2" (LEMMA "FEASIBLE22_MAIN") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) 
(("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))))))) ("2" (GRIND) NIL))))))))))))) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL))))))))))) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL))))) ("2" (GRIND) NIL))))))))))) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL))))) ("2" (GRIND) NIL))))))))))))))) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
NIL))))) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL))))))))))))))))))) ("2" (ASSERT) NIL))))))))))))))))))))))))))))))))))) ("2" (GRIND) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 4340 2346 T NIL) (PERFECT_CLOCK_CASE2A-13 "" 3389096664 3389096727 (";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SKOLEM-TYPEPRED) ((";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (FLATTEN) ((";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN0") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL))))))))) ("2" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))) ("2" (HIDE 2) (("2" (LEMMA "FEASIBLE22_MAIN") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))))))) ("2" (GRIND) NIL))))))))))))) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) 
(("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL))))))))))) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL))))) ("2" (GRIND) NIL))))))))))) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL))))) ("2" (GRIND) NIL))))))))))))))) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
NIL))))) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL))))))))))))))))))) ("2" (ASSERT) NIL))))))))))))))))))))))))))))))))))) ("2" (GRIND) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 188 1 T NIL) (PERFECT_CLOCK_CASE2A-12 "" 3389093553 3389096388 (";;; Proof PERFECT_CLOCK_CASE2A-11 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SKOLEM-TYPEPRED) ((";;; Proof PERFECT_CLOCK_CASE2A-11 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (FLATTEN) ((";;; Proof PERFECT_CLOCK_CASE2A-11 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL))))))))) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))) ("4" (GRIND) NIL))))))))))))) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))) ("4" (GRIND) NIL))))))))))))))))))) ("2" (GRIND) NIL))))))))))))) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) 
(("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL))))))))))) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL))))) ("2" (GRIND) NIL))))))))))) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL))))) ("2" (GRIND) NIL))))))))))))))) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL1") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL))))) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL))))))))))))))))))) ("2" (ASSERT) NIL))))))))))))))))))))))))))))))))))) ("2" (GRIND) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 780 767 T NIL) (PERFECT_CLOCK_CASE2A-11 "" 3388776610 3388947155 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) 
(("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL NIL)) NIL)) NIL) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED-INCOMPLETE NIL 898 851 T NIL) (PERFECT_CLOCK_CASE2A-10 "" 3388776588 3388776588 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) 
(("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) 
(("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
NIL NIL)) NIL)) NIL) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 6648 4434 T SHOSTAK) (PERFECT_CLOCK_CASE2A-9 NIL 3388776520 NIL (";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SKOLEM-TYPEPRED) ((";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (FLATTEN) ((";;; Proof PERFECT_CLOCK_CASE2A-8 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL))))))))) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))))))) ("2" (GRIND) NIL))))))))))))) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) 
(("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL))))))))))) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL))))) ("2" (GRIND) NIL))))))))))) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL))))) ("2" (GRIND) NIL))))))))))))))) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL))))) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL))))))))))))))))))) ("2" (ASSERT) NIL))))))))))))))))))))))))))))))))))) ("2" (GRIND) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNCHECKED NIL NIL NIL NIL NIL) (PERFECT_CLOCK_CASE2A-8 NIL 3388685761 3388776289 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) 
(("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN0") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "FEASIBLE22_MAIN") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -10) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (HIDE -12) (("1" (REVEAL -6) (("1" (CASE "FORALL (t: time[K] | t >= 0 AND t <= Tmax): n!1 * Tmax - t >= d!1 - delta_L AND n!1 * Tmax - t <= d!1 + delta_R") (("1" (HIDE -2) (("1" (INST -1 "0") (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmax" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3) (("2" (SKOSIMP) (("2" (CASE "t!1=0 OR t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (SIMPLIFY) (("1" (HIDE -1) (("1" (ASSERT) (("1" (CASE "n!1 * Tmax > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -2 "(n!1 * Tmax -(d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST -2 "t!1") NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL NIL)) NIL)) NIL) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED NIL 729 696 T NIL) (PERFECT_CLOCK_CASE2A-7 NIL 3388681020 3388685748 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) 
(("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN0") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "FEASIBLE22_MAIN") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "NewFeasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (SIMPLIFY) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -12) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) NIL NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) NIL NIL)) NIL)) NIL) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "NewFeasible") (("4" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 41355 690 T NIL) (PERFECT_CLOCK_CASE2A-6 NIL 3387971064 3388681010 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) 
(("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0" "Tmax") (("1" (SKOSIMP) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 99 1 T NIL) (PERFECT_CLOCK_CASE2A-5 NIL 3387970956 3387971054 (";;; Proof PERFECT_CLOCK_CASE2A-4 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SKOLEM-TYPEPRED) ((";;; Proof PERFECT_CLOCK_CASE2A-4 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (FLATTEN) ((";;; Proof PERFECT_CLOCK_CASE2A-4 for formula Held_For_T.PERFECT_CLOCK_CASE2A" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL))))))))) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) 
(("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL))))))))) ("4" (GRIND) NIL))))))))))))))))))) ("2" (GRIND) NIL))))))))))))) ("2" (EXPAND "Feasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (INST -8 "0") (("1" (SKOLEM!) (("1" (INST-CP -8 "0") (("1" (SIMPLIFY) (("1" (FLATTEN) (("1" (INST -8 "Tmax") (("1" (FLATTEN) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (BOTH-SIDES "/" "Tmax" -9 -12) (("1" (LEMMA "div_cancel1") (("1" (INST - "Tmax" "n!1-1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) (("1" (SIMPLIFY) (("1" (CASE "n!1-1>= (d!1 - delta_L) / Tmax") (("1" (EXPAND "<=" -4) (("1" (BDDSIMP) (("1" (BOTH-SIDES "/" "Tmax" -15) (("1" (CASE "n!1<= (d!1 + delta_R) / Tmax") (("1" (CASE "floor((d!1 - delta_L) / Tmax) +2<= (d!1+delta_R)/Tmax") (("1" (BOTH-SIDES "*" "Tmax" -1) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))) ("2" (ASSERT) NIL))))) ("2" (ASSERT) (("2" (LEMMA "NewFeasibleAnddMinusDeltaL") (("2" (INST?) (("2" (BDDSIMP) (("1" (ASSERT) NIL) ("2" (ASSERT) NIL) ("3" (INST + "floor((d!1 - delta_L) / Tmax)") (("1" (ASSERT) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST?) 
NIL))))) ("4" (ASSERT) (("4" (REVEAL -5) (("4" (EXPAND "Feasible") (("4" (PROPAX) NIL))))))))))))))))))) ("2" (ASSERT) NIL))))))))))))))))))))))))))))))))) ("2" (ASSERT) NIL))))))) ("2" (GRIND) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 9665 543 T NIL) (PERFECT_CLOCK_CASE2A-4 NIL 3387970884 3387970935 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (INST?) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (INST -1 "t!1" "floor((d!1 - delta_L) / t!1) * t!1" "d!1-delta_L") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible") (("2" (INST-CP - "lambda (n:nat): n*Tmax") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (HIDE -7) (("1" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("1" (LEMMA "div_cancel1") (("1" (SIMPLIFY) (("1" (ASSERT) (("1" (LEMMA "times_div1") (("1" (INST?) 
(("1" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 5058 558 T NIL) (PERFECT_CLOCK_CASE2A-3 NIL 3387966061 3387970839 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_2") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "PERFECT_CLOCK_CASE2A_1") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SIMPLIFY) (("2" (ASSERT) (("2" (HIDE -7) (("2" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("2" (LEMMA "div_cancel1") (("2" (SIMPLIFY) (("2" (ASSERT) (("2" (LEMMA "times_div1") (("2" (INST?) 
(("2" (CASE "floor((d!1 - delta_L) / Tmax)*Tmax <= d!1 - delta_L") (("1" (ASSERT) (("1" (CASE "delta_L + delta_R < Tmax*2") (("1" (ASSERT) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 138 0 T NIL) (PERFECT_CLOCK_CASE2A-2 NIL 3387965357 3387965600 ("" (SKOLEM-TYPEPRED) (("" (FLATTEN) (("" (SPLIT) (("1" (LEMMA "TminAndKmax") (("1" (INST?) (("1" (ASSERT) (("1" (ASSERT) (("1" (HIDE 2) (("1" (CASE "Kmax(d!1) * Tmin = d!1 - delta_L OR Kmax(d!1) * Tmin /= d!1 - delta_L") (("1" (SPLIT) (("1" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN0") (("1" (INST?) (("1" (ASSERT) (("1" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("1" (LEMMA "FEASIBLE22_MAIN") (("1" (INST?) (("1" (ASSERT) (("1" (LEMMA "FLOOR_TRUTH2") (("1" (INST?) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "FEASIBLE22_MAIN") (("2" (INST?) (("2" (LEMMA "FLOOR_TRUTH2") (("2" (INST?) 
(("2" (ASSERT) (("2" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (SKOSIMP) (("3" (LEMMA "both_sides_div_pos_lt1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL) ("7" (POSTPONE) NIL NIL) ("8" (POSTPONE) NIL NIL) ("9" (POSTPONE) NIL NIL) ("10" (POSTPONE) NIL NIL)) NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SIMPLIFY) (("2" (ASSERT) (("2" (HIDE -7) (("2" (TYPEPRED "floor((d!1 - delta_L) / Tmax)") (("2" (LEMMA "div_cancel1") (("2" (SIMPLIFY) (("2" (ASSERT) (("2" (LEMMA "times_div1") (("2" (INST?) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 24106 5500 NIL NIL) (PERFECT_CLOCK_CASE2A-1 NIL 3387964398 3387964416 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 1772 1 T SHOSTAK)) (NO_CLOCK_CASE2B 0 (NO_CLOCK_CASE2B-5 "" 3395616318 3395616785 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (BDDSIMP) (("1" (LEMMA "FEASIBLE21_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Strongest") (("2" (INST 2 "Kmin(d!1)+2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmin(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmin(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (CASE "(2 + Kmin(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL NIL) ("2" (CASE "Kmin(d!1)*Tmax<=d!1-delta_L") (("1" (EXPAND "Kmin") (("1" (ASSERT) (("1" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3 4) (("2" (GRIND) (("2" (TYPEPRED "floor((d!1 - delta_L) / (K + TR))") (("2" (BOTH-SIDES "*" "K+TR" -1) (("1" (CASE "(d!1 - delta_L) / (K + TR) * (K + TR)=d!1-delta_L") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 2) (("2" (NAME-REPLACE "z!1" "K+TR") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL 
"bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|div_mult_pos_le2| FORMULA-DECL NIL |real_props| NIL) (|div_cancel2| FORMULA-DECL NIL |real_props| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Sample_Interval3| FORMULA-DECL NIL |Held_For_T| NIL) 
(|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (<= CONST-DECL "bool" |reals| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Feasible_Strongest| CONST-DECL "bool" |Held_For_T| NIL) (FEASIBLE21_STRONGEST FORMULA-DECL NIL |Held_For_T| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|Kmin| CONST-DECL "nat" |Held_For_T| NIL) (|Kmax| CONST-DECL "nat" |Held_For_T| NIL) (|TminAndKmax| FORMULA-DECL NIL |Held_For_T| NIL)) 1125 942 T NIL) (NO_CLOCK_CASE2B-4 "" 3389102247 3395266144 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (BDDSIMP) (("1" (LEMMA "FEASIBLE21_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Strongest") (("2" (INST 2 "Kmin(d!1)+2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmin(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmin(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (CASE "(2 + Kmin(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL NIL) ("2" (CASE "Kmin(d!1)*Tmax<=d!1-delta_L") (("1" (EXPAND "Kmin") (("1" (ASSERT) (("1" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3 4) (("2" (GRIND) (("2" (TYPEPRED "floor((d!1 - delta_L) / (K + TR))") (("2" (BOTH-SIDES "*" "K+TR" -1) (("1" (CASE "(d!1 - delta_L) / (K + TR) * (K + TR)=d!1-delta_L") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 2) (("2" (NAME-REPLACE "z!1" "K+TR") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 556 523 T NIL) (NO_CLOCK_CASE2B-3 "" 3389098806 3389102221 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (BDDSIMP) (("1" (LEMMA "FEASIBLE21_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Strongest") (("2" (INST 2 "Kmax(d!1)+2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmax(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmax(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (CASE "(2 + Kmax(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL NIL) ("2" (CASE "Kmax(d!1)*Tmax<=d!1-delta_L") (("1" (BOTH-SIDES "*" "2" -9) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 2991 403 T SHOSTAK) (NO_CLOCK_CASE2B-2 NIL 3388947222 3389098766 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (BDDSIMP) (("1" (LEMMA "FEASIBLE21_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Strongest") (("2" (INST 2 "Kmax(d!1)+2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmax(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmax(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (CASE "(2 + Kmax(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL NIL) ("2" (CASE "Kmax(d!1)*Tmax<=d!1-delta_L") (("1" (BOTH-SIDES "*" "Tmax" -9) (("1" (ASSERT) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 7314 1516 T NIL) (NO_CLOCK_CASE2B-1 NIL 3388947211 3388947212 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 135 1 T SHOSTAK)) (PERFECT_CLOCK_CASE1B 0 (PERFECT_CLOCK_CASE1B-1 NIL 3386921850 3395266147 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (SKOSIMP) (("" (CASE "EXISTS (n:nat): Sample!1(n)<=Sample!1(n0!1)+d!1+delta_R AND Sample!1(n+1)>Sample!1(n0!1)+d!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "t!1<=Sample!1(n0!1)+delta_R+delta_L-Tmax") (("1" (CASE "Sample!1(n!1)>=d!1+delta_R-Tmax+Sample!1(n0!1)") (("1" (EXPAND "Tmax") (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (EXPAND "Tmax") (("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n0!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) 
NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 259 244 NIL NIL)) (NO_CLOCK_IMPLIES_PERFECT_CLOCK 0 (NO_CLOCK_IMPLIES_PERFECT_CLOCK-1 NIL 3386908906 3395266147 ("" (SKOSIMP) (("" (EXPAND "Feasible_Strongest") (("" (EXPAND "NewFeasible") (("" (SKOSIMP) (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST -1 "Sample!1") (("" (INST -1 "n0!1") (("" (INST 1 "n0!1+n!1") NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 29 26 T SHOSTAK)) (PERFECT_CLOCK_IMPLIES_IDEAL 0 (PERFECT_CLOCK_IMPLIES_IDEAL-1 NIL 3386918744 3395266148 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (EXPAND "Feasible") (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST -1 "Sample!1") (("" (TYPEPRED "t!1") (("" (INST -4 "n0!1") (("" (SKOSIMP) (("" (INST 1 "n!1") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 76 71 T SHOSTAK)) (NO_CLOCK_CASE1 0 (NO_CLOCK_CASE1-3 NIL 3388777195 3395266159 ("" (SKOSIMP) (("" (BDDSIMP) (("1" (EXPAND "Feasible_Strongest") (("1" (INST 2 "ceiling((d!1-delta_L)/Tmin)+1") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (BDDSIMP) (("1" (LEMMA "Sample_Interval3") (("1" (INST -1 "Sample!1" "n0!1" "ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (LEMMA "CEILING_COMMON") (("2" (INST?) 
(("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n0!1+1" "ceiling((d!1 - delta_L) / Tmin)") (("1" (CASE "ceiling((d!1 - delta_L) / Tmin) * (K - TL)>=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("2" (LEMMA "both_sides_times_pos_le1") (("2" (INST -1 "Tmin" "(d!1 - delta_L) / Tmin" "ceiling((d!1 - delta_L) / Tmin)") (("2" (HIDE -3 -4 -5 -6) (("2" (BDDSIMP) (("2" (CASE "Tmin=K-TL") (("1" (REPLACE -1 * RL) (("1" (CASE "(d!1 - delta_L) / Tmin * Tmin=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2 3) (("2" (LEMMA "CEILING_COMMON") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "CEILING_COMMON") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Strongest") (("2" (SKOSIMP) (("2" (INST -2 "lambda (n:nat):n*Tmax") (("1" (CASE "(ceiling((d!1 - delta_L) / Tmin) + 1) * Tmax > d!1 + delta_R") (("1" (HIDE 2) (("1" (INST -3 "0") (("1" (CASE "FORALL (t: time[K] | t >= 0 * Tmax AND t <= Tmax): (0 + n!1) * Tmax - t >= d!1 - delta_L AND (0 + n!1) * Tmax - t <= d!1 + delta_R") (("1" (INST -1 "0") (("1" (ASSERT) (("1" (FLATTEN) (("1" (HIDE -5) (("1" (CASE "n!1<=ceiling((d!1 - delta_L) / Tmin)+1") (("1" (CASE "n!1 < ceiling((d!1 - delta_L) / Tmin) + 1 OR n!1 = ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (SPLIT) (("1" (HIDE -2 -3 -4) (("1" (REVEAL -7) (("1" (INST -1 "lambda (n:nat):n*Tmin") (("1" (INST -1 "0") (("1" (CASE "n!1 = ceiling((d!1 - delta_L) / Tmin) OR n!1 < ceiling((d!1 - delta_L) / Tmin)") (("1" (SPLIT) (("1" (HIDE -3) (("1" (REPLACE -1 * LR) (("1" (HIDE -1) (("1" (INST -1 "Tmin") (("1" (CASE "Tmin>ceiling((d!1 - delta_L) / Tmin) * Tmin -(d!1 - delta_L)") (("1" (ASSERT) NIL NIL) 
("2" (HIDE -1 -2 -3 2) (("2" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("2" (ASSERT) (("2" (BOTH-SIDES "*" "Tmin" -2) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "FORALL (t: time[K] | t >= 0 * Tmin AND t <= Tmin): (0 + n!1) * Tmin - t >= d!1 - delta_L AND (0 + n!1) * Tmin - t <= d!1 + delta_R") (("1" (HIDE -3) (("1" (INST -1 "ceiling((d!1 - delta_L) / Tmin)*Tmin-(d!1-delta_L)") (("1" (CASE "n!1*Tmin < ceiling((d!1 - delta_L) / Tmin)*Tmin") (("1" (BDDSIMP) (("1" (GRIND) NIL NIL)) NIL) ("2" (BOTH-SIDES "/" "Tmin" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (BOTH-SIDES "/" "Tmin" 1) (("1" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin[K, TL, TR])") (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -1 -3 -4 -5 2) (("2" (SKOSIMP) (("2" (CASE "t!1>0 OR t!1=0") (("1" (SPLIT) (("1" (INST -2 "t!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (REPLACE -1 * LR) (("2" (ASSERT) (("2" (SPLIT) (("1" (INST -2 "Tmin") (("1" (ASSERT) NIL NIL)) NIL) ("2" (CASE "n!1 * Tmin > d!1 + delta_R") (("1" (HIDE 1) (("1" (INST -3 "n!1*Tmin-(d!1+delta_R)") (("1" (ASSERT) (("1" (REVEAL -2) (("1" (ASSERT) (("1" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("1" (ASSERT) (("1" (CASE "n!1*Tmin<=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (CASE "n!1<=ceiling((d!1 - delta_L) / Tmin)-1") (("1" (BOTH-SIDES "*" "Tmin" -1) (("1" (BOTH-SIDES "*" "Tmin" -3) (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (REVEAL -2) (("2" (BOTH-SIDES "*" "Tmin" -1) (("2" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("2" (BOTH-SIDES "*" "Tmin" -2) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) 
NIL NIL)) NIL) ("2" (CASE "n!1*Tmax<= (ceiling((d!1 - delta_L) / Tmin) + 1)*Tmax") (("1" (LEMMA "both_sides_times_pos_le1") (("1" (INST -1 "Tmax" "n!1" "ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (ASSERT) (("2" (SPLIT) (("1" (INST -3 "Tmax") (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (CASE "n!1 * Tmax - t!1 > d!1 + delta_R") (("1" (HIDE 1) (("1" (CASE "t!1=0 or t!1>0") (("1" (SPLIT) (("1" (REPLACE -1 * LR) (("1" (HIDE -1) (("1" (ASSERT) (("1" (INST -4 "(n!1 * Tmax -( d!1 + delta_R))/2") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "n!1") (("2" (REVEAL -1) (("2" (INST -1 "Tmax") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST -5 "t!1") (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL)) 1073 1010 T NIL) (NO_CLOCK_CASE1-2 NIL 3386921203 3388776750 ("" (SKOSIMP) (("" (BDDSIMP) (("1" (EXPAND "Feasible_Strongest") (("1" (INST 2 "ceiling((d!1-delta_L)/Tmin)+1") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (BDDSIMP) (("1" (LEMMA "Sample_Interval3") (("1" (INST -1 "Sample!1" "n0!1" "ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (TYPEPRED "t!1") (("1" (GRIND) NIL NIL)) NIL) ("2" (LEMMA "CEILING_COMMON") (("2" (INST?) 
(("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n0!1+1" "ceiling((d!1 - delta_L) / Tmin)") (("1" (CASE "ceiling((d!1 - delta_L) / Tmin) * (K - TL)>=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("2" (LEMMA "both_sides_times_pos_le1") (("2" (INST -1 "Tmin" "(d!1 - delta_L) / Tmin" "ceiling((d!1 - delta_L) / Tmin)") (("2" (HIDE -3 -4 -5 -6) (("2" (BDDSIMP) (("2" (CASE "Tmin=K-TL") (("1" (REPLACE -1 * RL) (("1" (CASE "(d!1 - delta_L) / Tmin * Tmin=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2 3) (("2" (LEMMA "CEILING_COMMON") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "CEILING_COMMON") (("2" (INST?) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Strongest") (("2" (SKOSIMP) (("2" (INST -2 "lambda (n:nat):n*Tmax") (("1" (CASE "(ceiling((d!1 - delta_L) / Tmin) + 1) * Tmax > d!1 + delta_R") (("1" (HIDE 2) (("1" (INST -3 "0") (("1" (ASSERT) (("1" (CASE "n!1<=ceiling((d!1 - delta_L) / Tmin)+1") (("1" (CASE "n!1 < ceiling((d!1 - delta_L) / Tmin) + 1 OR n!1 = ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (SPLIT) (("1" (HIDE -2) (("1" (HIDE -4 -5) (("1" (CASE "n!1 = ceiling((d!1 - delta_L) / Tmin) OR n!1 < ceiling((d!1 - delta_L) / Tmin)") (("1" (SPLIT) (("1" (HIDE -3) (("1" (REPLACE -1 * LR) (("1" (HIDE -1) (("1" (CASE "(ceiling((d!1 - delta_L) / Tmin) * Tmin -(d!1 - delta_L)+Tmin)/2>ceiling((d!1 - delta_L) / Tmin) * Tmin -(d!1 - delta_L)") (("1" (GRIND) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE -1 -2 -3 2) (("2" (CASE "ceiling((d!1 - delta_L) / Tmin) * Tmin - (d!1 - delta_L) < Tmin") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (TYPEPRED "ceiling((d!1 - delta_L) / Tmin)") (("2" 
(BOTH-SIDES "*" "Tmin" -2) (("2" (CASE "(1 + (d!1 - delta_L) / Tmin) * Tmin=d!1-delta_L+Tmin") (("1" (GRIND) NIL NIL) ("2" (HIDE -1 -2 2) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "n!1*Tmin < ceiling((d!1 - delta_L) / Tmin)*Tmin") (("1" (GRIND) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE -2 -3 -4 -5 2) (("2" (ASSERT) (("2" (BOTH-SIDES "/" "Tmin" 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (CASE "n!1*Tmax<= (ceiling((d!1 - delta_L) / Tmin) + 1)*Tmax") (("1" (LEMMA "both_sides_times_pos_le1") (("1" (INST -1 "Tmax" "n!1" "ceiling((d!1 - delta_L) / Tmin) + 1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 1022 995 T NIL) (NO_CLOCK_CASE1-1 NIL 3386921187 3386921190 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 3484 50 T SHOSTAK)) (PERFECT_CLOCK_CASE1 0 (PERFECT_CLOCK_CASE1-2 NIL 3389177617 3395266161 ("" (SKOSIMP) (("" (EXPAND "NewFeasible") (("" (EXPAND "Tmax") (("" (SKOSIMP) (("" (SKOSIMP) (("" (CASE "EXISTS (n:nat): Sample!1(n)<=Sample!1(n0!1)+d!1+delta_R AND Sample!1(n+1)>Sample!1(n0!1)+d!1+delta_R") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "t!1<=Sample!1(n0!1)+delta_R+delta_L-Tmax") (("1" (CASE "Sample!1(n!1)>=d!1+delta_R-Tmax+Sample!1(n0!1)") (("1" (EXPAND "Tmax") (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (EXPAND "Tmax") (("2" (GRIND) (("2" (TYPEPRED "t!1") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n0!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) 
NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (LEMMA "TClock_1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL)) 278 262 NIL NIL) (PERFECT_CLOCK_CASE1-1 NIL 3386920312 3389096410 ("" (SKOSIMP) (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "IDEAL_CLOCK_CASE1A") (("" (LEMMA "PERFECT_CLOCK_CASE1B") (("" (INST?) (("" (INST -2 "d!1") (("" (INST -3 "d!1") (("" (INST -4 "d!1") (("" (BDDSIMP) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED NIL 18 18 T SHOSTAK)) (IDEAL_CLOCK_CASE1 0 (IDEAL_CLOCK_CASE1-4 NIL 3389177684 3395266162 ("" (SKOSIMP) (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "PERFECT_CLOCK_CASE1") (("" (LEMMA "PERFECT_CLOCK_CASE1B") (("" (INST -1 "d!1") (("" (INST -3 "d!1") (("" (INST -4 "d!1") (("" (BDDSIMP) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 19 17 NIL NIL) (IDEAL_CLOCK_CASE1-3 NIL 3386920899 3389177652 ("" (SKOSIMP) (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "IDEAL_CLOCK_CASE1A") (("" (LEMMA "PERFECT_CLOCK_CASE1B") (("" (INST -1 "d!1") (("" (INST -2 "d!1") (("" (INST -3 "d!1") (("" (INST -4 "d!1") (("" (BDDSIMP) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED NIL 35 31 T NIL) (IDEAL_CLOCK_CASE1-2 NIL 3386920858 3386920880 ("" (SKOSIMP) (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "IDEAL_CLOCK_CASE1A") (("" (LEMMA "PERFECT_CLOCK_CASE1B") (("" (INST?) 
(("" (INST -2 "d!1") (("" (INST -3 "d!1") (("" (INST -4 "d!1") (("" (BDDSIMP) NIL)))))))))))))))))) NIL) UNFINISHED NIL 20282 230 T NIL) (IDEAL_CLOCK_CASE1-1 NIL 3386920821 3386920825 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 3922 40 T SHOSTAK)) (NO_CLOCK_CASE2 0 (NO_CLOCK_CASE2-1 NIL 3386869618 3395266163 ("" (LEMMA "PERFECT_CLOCK_CASE2A") (("" (LEMMA "NO_CLOCK_CASE2B") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (SKOSIMP) (("" (SPLIT) (("1" (INST? -3) (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) (("2" (INST? -4) (("2" (INST? -1) (("2" (INST? -2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 144 135 T SHOSTAK)) (PERFECT_CLOCK_CASE2 0 (PERFECT_CLOCK_CASE2-3 NIL 3386919113 3395266164 ("" (LEMMA "PERFECT_CLOCK_CASE2A") (("" (LEMMA "NO_CLOCK_CASE2B") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (SKOSIMP) (("" (SPLIT) (("1" (INST? -3) (("1" (ASSERT) (("1" (INST? -1) (("1" (INST? -2) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST? -4) (("2" (INST? -1) (("2" (INST? -2) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|time| TYPE-EQ-DECL NIL |Clocks| NIL)) 140 132 NIL NIL) (PERFECT_CLOCK_CASE2-2 NIL 3386919060 3386919073 ("" (LEMMA "NO_CLOCK_CASE2") (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (SKOSIMP) (("" (INST?) (("" (INST?) (("" (ASSERT) (("" (BDDSIMP) (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL)))))))))))))) NIL) UNFINISHED NIL 11438 320 T NIL) (PERFECT_CLOCK_CASE2-1 NIL 3386844582 3386908651 ("" (LEMMA "NO_CLOCK_CASE2") (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (SKOSIMP) (("" (INST?) (("" (INST?) 
(("" (ASSERT) (("" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 347 270 T SHOSTAK)) (IDEAL_CLOCK_CASE2 0 (IDEAL_CLOCK_CASE2-1 NIL 3386919224 3395614715 ("" (LEMMA "PERFECT_CLOCK_CASE2A") (("" (LEMMA "NO_CLOCK_CASE2B") (("" (LEMMA "PERFECT_CLOCK_IMPLIES_IDEAL") (("" (LEMMA "NO_CLOCK_IMPLIES_PERFECT_CLOCK") (("" (SKOSIMP) (("" (SPLIT) (("1" (INST? -3) (("1" (ASSERT) (("1" (SKOSIMP) (("1" (BDDSIMP) (("1" (INST? -3) (("1" (INST? -4) (("1" (BDDSIMP) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (INST? -4) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 253 249 T NIL)) (FEASIBLE_POINT_STRONGEST 0 (FEASIBLE_POINT_STRONGEST-3 NIL 3395658998 3395659090 ("" (SKOSIMP) (("" (EXPAND "Tmin") (("" (EXPAND "Tmax") (("" (EXPAND "Feasible_Point") (("" (NAME-REPLACE "k" "floor((d!1 - delta_L) / (K - TL))") (("" (SKOSIMP) (("" (SKOSIMP) (("" (SKOSIMP) (("" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + d!1 - delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "d!1-delta_L") (("2" (EXPAND "Tmin") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "d!1") 
(("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (+ 
CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_T| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (FLOOR_TRUTH FORMULA-DECL NIL |Held_For_T| NIL) (|Sample_Interval| FORMULA-DECL NIL |Held_For_T| NIL) (|Kmin| CONST-DECL "nat" |Held_For_T| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) NIL NIL NIL (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|Sample_Interval3| FORMULA-DECL NIL |Held_For_T| NIL) (|Feasible_Point| CONST-DECL "bool" |Held_For_T| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| 
NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL)) 623 622 T NIL) (FEASIBLE_POINT_STRONGEST-2 NIL 3395658952 3395658969 (";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (SKOSIMP) ((";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (EXPAND "Tmin") ((";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (EXPAND "Tmax") ((";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (EXPAND "Feasible_POINT") ((";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (NAME-REPLACE "k" "floor((d!1 - delta_L) / (K - TL))") ((";;; Proof FEASIBLE_POINT_STRONGEST-1 for formula Held_For_T.FEASIBLE_POINT_STRONGEST" (INST 1 "k+2") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + d!1 - delta_L") (("1" (GRIND) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "d!1-delta_L") (("2" (EXPAND "Tmin") (("2" (GRIND) NIL))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL))))))) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL))))) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "d!1") (("4" (GRIND) NIL))))))) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" 
(GRIND) NIL))))))))))))))))) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL)))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 1556 157 T NIL) (FEASIBLE_POINT_STRONGEST-1 NIL 3395658918 NIL ("" (SKOSIMP) (("" (EXPAND "Tmin") (("" (EXPAND "Tmax") (("" (EXPAND "Feasible_POINT") (("" (NAME-REPLACE "k" "floor((d!1 - delta_L) / (K - TL))") (("" (INST 1 "k+2") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (SPLIT) (("1" (CASE "Sample!1(n0!1 + k + 2) >= Sample!1(n0!1 + 1) + d!1 - delta_L") (("1" (GRIND) NIL) ("2" (HIDE 2) (("2" (LEMMA "Sample_Interval") (("2" (INST -1 "Sample!1" "n0!1+1" "d!1-delta_L") (("2" (EXPAND "Tmin") (("2" (GRIND) NIL))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL))))))) ("2" (ASSERT) (("2" (CASE "Sample!1(n0!1+k)-t!1<=k*(K+TR)") (("1" (CASE "Sample!1(n0!1+k+2)<=Sample!1(n0!1+k)+2*(K+TR)") (("1" (ASSERT) NIL) ("2" (HIDE 2) (("2" (HIDE -1 -2 -3 -4 -5) (("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1+k") (("1" (INST -1 "n0!1+k+1") (("1" (GRIND) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL))))) ("4" (LEMMA "FLOOR_TRUTH") (("4" (INST -1 "d!1") (("4" (GRIND) NIL))))))) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "k") (("1" (GRIND) NIL) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL))))))))) ("3" (LEMMA "FLOOR_TRUTH") (("3" (INST -1 "d!1") (("3" (GRIND) NIL))))))))))))))))) ("2" (LEMMA "FLOOR_TRUTH") (("2" (INST -1 "d!1") (("2" (GRIND) NIL)))))))))))))))) NIL) UNCHECKED NIL NIL NIL NIL NIL)) (PERFECT_CLOCK_CASE2B 0 (PERFECT_CLOCK_CASE2B-3 NIL 3395659202 3395659215 ("" (SKOSIMP) (("" (LEMMA "TminAndKmax") (("" (INST?) (("" (BDDSIMP) (("1" (LEMMA "FEASIBLE_POINT_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Point") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmin(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmin(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (CASE "(2 + Kmin(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL NIL) ("2" (CASE "Kmin(d!1)*Tmax<=d!1-delta_L") (("1" (EXPAND "Kmin") (("1" (ASSERT) (("1" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3 4) (("2" (GRIND) (("2" (TYPEPRED "floor((d!1 - delta_L) / (K + TR))") (("2" (BOTH-SIDES "*" "K+TR" -1) (("1" (CASE "(d!1 - delta_L) / (K + TR) * (K + TR)=d!1-delta_L") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 2) (("2" (NAME-REPLACE "z!1" "K+TR") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| 
NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_T| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_T| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (<= CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_T| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Interval3| FORMULA-DECL NIL |Held_For_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|div_cancel2| FORMULA-DECL NIL |real_props| NIL) (|div_mult_pos_le2| FORMULA-DECL NIL |real_props| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" 
|reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Feasible_Point| CONST-DECL "bool" |Held_For_T| NIL) (FEASIBLE_POINT_STRONGEST FORMULA-DECL NIL |Held_For_T| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|Kmin| CONST-DECL "nat" |Held_For_T| NIL) (|Kmax| CONST-DECL "nat" |Held_For_T| NIL) (|TminAndKmax| FORMULA-DECL NIL |Held_For_T| NIL)) 1222 1071 NIL NIL) (PERFECT_CLOCK_CASE2B-2 NIL 3395616835 3395659152 (";;; Proof PERFECT_CLOCK_CASE2B-1 for formula Held_For_T.PERFECT_CLOCK_CASE2B" (SKOSIMP) ((";;; Proof PERFECT_CLOCK_CASE2B-1 for formula Held_For_T.PERFECT_CLOCK_CASE2B" (LEMMA "TminAndKmax") ((";;; Proof PERFECT_CLOCK_CASE2B-1 for formula Held_For_T.PERFECT_CLOCK_CASE2B" (INST?) ((";;; Proof PERFECT_CLOCK_CASE2B-1 for formula Held_For_T.PERFECT_CLOCK_CASE2B" (BDDSIMP) (("1" (LEMMA "FEASIBLE21_STRONGEST") (("1" (INST?) 
(("1" (ASSERT) (("1" (EXPAND "Kmax") (("1" (EXPAND "Kmin") (("1" (ASSERT) NIL))))))))))) ("2" (HIDE -3) (("2" (EXPAND "Feasible_Strongest") (("2" (INST 2 "Kmin(d!1)+2") (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (ASSERT) (("2" (TYPEPRED "t!1") (("2" (LEMMA "Sample_Interval2") (("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "n0!1" "2+Kmin(d!1)") (("2" (INST -2 "Sample!1" "n0!1+1" "1+Kmin(d!1)") (("2" (SPLIT) (("1" (ASSERT) (("1" (GRIND) NIL))) ("2" (CASE "(2 + Kmin(d!1)) * (K + TR)<=d!1+delta_R") (("1" (ASSERT) NIL) ("2" (CASE "Kmin(d!1)*Tmax<=d!1-delta_L") (("1" (EXPAND "Kmin") (("1" (ASSERT) (("1" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3) (("1" (GRIND) NIL))))))) ("2" (ASSERT) (("2" (HIDE -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 2 3 4) (("2" (GRIND) (("2" (TYPEPRED "floor((d!1 - delta_L) / (K + TR))") (("2" (BOTH-SIDES "*" "K+TR" -1) (("1" (CASE "(d!1 - delta_L) / (K + TR) * (K + TR)=d!1-delta_L") (("1" (ASSERT) NIL) ("2" (HIDE -1 -2 2) (("2" (NAME-REPLACE "z!1" "K+TR") (("2" (ASSERT) NIL))))))) ("2" (ASSERT) NIL)))))))))))))))))))))))))))))))))))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 113 1 T NIL) (PERFECT_CLOCK_CASE2B-1 NIL 3395616640 3395616662 ("" (SKOSIMP) (("" (POSTPONE) NIL NIL)) NIL) UNFINISHED NIL 2243 12 T SHOSTAK))) $$$Held_For.pvs Held_For [K:posreal] : THEORY BEGIN IMPORTING Clocks[K] t, t_now,t_n,t_j: VAR clock duration:VAR time P: VAR pred[clock] Held_For(P, duration): pred[clock]= (LAMBDA (t_n):EXISTS(t_j):(t_n-t_j>=duration) and FORALL(t:clock|t>=t_j&t<=t_n):P(t)) END Held_For Held_For_TD [K:posreal, (IMPORTING Clocks[K]) TL,TR:{t:time|tdelta_L AND du>delta_R AND du-delta_L>K+TR} d:VAR Duration Decision(d):{dur:time| dur>=d-delta_L AND dur<=d+delta_R} = choose({dur:time| dur>=d-delta_L AND dur<=d+delta_R}) duration(P,d,t):RECURSIVE time = TABLE |[init(t) OR P(t) AND NOT P(pre(t)) | NOT init(t) & (NOT P(t) OR P(pre(t))) ]| |Decision(d) | duration(P,d,pre(t)) || ENDTABLE MEASURE rank(t) 
% Event_Start_time(P,t): the most recent tick, up to and including t, that was
% either the initial tick or a tick at which P became true (P(t) and not
% P(pre(t))). Recursion is on pre(t) with MEASURE rank(t).
Event_Start_time(P,t):RECURSIVE tick=
 TABLE
  | init(t) OR P(t) AND NOT P(pre(t)) | t ||
  | NOT init(t) & (NOT P(t) OR P(pre(t))) | Event_Start_time(P,pre(t)) ||
 ENDTABLE
 MEASURE rank(t)

% Held_For_T(P,d)(t_now): the first row yields TRUE when P(t_now) holds and the
% time elapsed since Event_Start_time(P,t_now) is at least duration(P,d,t_now).
% NOTE(review): the rest of this table, and everything up to a trailing
% "...delta_L", is missing from the page (the text between "(P,t_now)" and
% "delta_L" was lost). The proof file lists Condition_Type and test_choose as
% Held_For_TD declarations; neither appears in this listing.
Held_For_T(P,d):pred[tick]= LAMBDA (t_now:tick):TABLE | P(t_now) AND t_now-Event_Start_time(P,t_now)>=duration(P,d,t_now) | TRUE || | P(t_now) AND t_now-Event_Start_time(P,t_now)delta_L

% Sanity lemmas on the definitions above: Decision(d) stays inside
% [d - delta_L, d + delta_R]; duration never falls below d - delta_L; the
% recorded event start is never later than t.
test0: LEMMA Decision(d)>=d-delta_L AND Decision(d)<=d+delta_R
test1: LEMMA duration(P,d,t)>=d-delta_L
test2: LEMMA Event_Start_time(P,t)<=t

% Sample_Type: Tclock sequences S in which every element S(n) equals some tick.
Sample_Type: Type={S:Tclock| FORALL (n:nat): EXISTS (t:tick): S(n)=t}
Sample: VAR Sample_Type
ne,n0,n:var nat
% `duration` is declared here as a variable of type time; the recursive
% function duration(P,d,t) declared earlier in this theory shares the name.
duration:var time
t_n,t_j:var tick

% Held_For over ticks: same shape as Held_For in theory Held_For, with tick in
% place of clock.
Held_For(P, duration): pred[tick]= (LAMBDA (t_n):EXISTS(t_j):(t_n-t_j>=duration) and FORALL(t:tick|t>=t_j&t<=t_n):P(t))
%Held_For(P,d,ne):pred[Sample_Type]=(LAMBDA (Sample:Sample_Type):EXISTS(ns:nat):(Sample(ne)-Sample(ns)>=d) AND FORALL(n:nat|n<=ne AND n>=ns):P(Sample(n)))
%(LAMBDA (t_n):EXISTS(t_j):(t_n-t_j>=duration) and FORALL(t:clock|t>=t_j&t<=t_n):P(t))

% Held_For_I(P,duration,Sample)(ne): the sampled check. True when some sample
% index n0 has Sample(ne) - Sample(n0) >= duration - delta_L and P holds at
% every sample point Sample(n) with n0 <= n <= ne. P is examined only at sample
% points; what happens between samples is covered by the FilteredTickPred
% assumption used in the later theorems.
Held_For_I(P,duration,Sample)(ne):bool= EXISTS(n0|Sample(ne)-Sample(n0)>=duration-delta_L):FORALL(n:nat|n0<=n AND n<=ne):P(Sample(n))
%TABLE
%| Tmax<=(delta_L+delta_R)/2 | FORALL(n:nat|n0<=n AND n<=ne):P(Sample(n))||
%|(delta_L + delta_R) / 2 <= Tmax AND Tmax <= (delta_L + delta_R) | FORALL(n:nat|ne-Kmin(d)-1<=n & n<=ne):P(Sample(n)) ||
%ENDTABLE

% Basic facts about sample sequences: non-negative, and ordered consistently
% with their indices.
Sample_Positive: LEMMA FORALL(n:nat): Sample(n)>=0
Sample_Compare: LEMMA FORALL(n1,n2:nat): n2>=n1 IMPLIES Sample(n2)>=Sample(n1)
Sample_Compare1: LEMMA FORALL(n1,n2:nat): Sample(n2)>=Sample(n1) IMPLIES n2>=n1
ceiling_delta_t: LEMMA FORALL(t:time): ceiling(t/delta_t)*delta_t>=t
% NOTE(review): ceiling_tick and EXISTS_t read oddly as printed (for example
% "tk=t OR Sample(0)>=t" for all tk and t); text between a "<" and a ">" has
% probably been lost from each. Check the original file.
ceiling_tick: LEMMA FORALL(tk:tick): FORALL(t:time): tk=t OR Sample(0)>=t
EXISTS_t: LEMMA FORALL(t:time): EXISTS(n:nat): Sample(n)=t OR Sample(0)>=t
EXISTS_SamplePoint1: LEMMA EXISTS(n:nat):Sample(n)<=t+d+delta_R AND Sample(n)+Tmax>t+d+delta_R
% SAMPLE_COUNT1 / SAMPLE_COUNT2: the two directions relating elapsed sample time
% greater than d - delta_L to an index gap of at least Kmin(d) + 1.
SAMPLE_COUNT1: LEMMA Sample(ne)-Sample(n0)>d-delta_L IMPLIES ne-n0>=Kmin(d)+1
SAMPLE_COUNT2: LEMMA ne-n0>=Kmin(d)+1 IMPLIES Sample(ne)-Sample(n0)>d-delta_L

% Held_For_VERIFY (no missed detection): under the stated constraints on Tmin
% and Tmax, if P is held for d + delta_R at tick t in the Held_For sense, then
% some sample taken at or before t satisfies Held_For_I(P,d,Sample).
Held_For_VERIFY: THEOREM
 Tmax/=Tmin AND (Tmax<=(delta_L+delta_R)/2 OR ((delta_L + delta_R) / 2 < Tmax AND Tmax <= (delta_L + delta_R) AND Tmin >= (d-delta_L)/(Kmin(d)+1) AND (Kmin(d)+2)*Tmax<=d+delta_R))
 IMPLIES FORALL(t:tick,Sample:Sample_Type): (Held_For(P,d+delta_R)(t) IMPLIES EXISTS(n:nat |Sample(n)<=t):Held_For_I(P,d,Sample)(n))

% FilteredTickPred: the predicates the sampled check is verified against. As
% far as the surviving text shows, P(t) = P(t_n) or t_n - t_j > K + TR.
% NOTE(review): the quantifier guard between "t_j" and "P(t)" is missing on the
% page, and so is the corresponding part of the commented-out variant below.
FilteredTickPred: TYPE+ = {P| forall t_j,t,t_n:t_j P(t)=P(t_n) OR t_n-t_j>K+TR}
%FilteredTickPred: TYPE+ = {P| forall t_j,t_n:t_jt_j):P(t)=P(t_n)}
Pf:VAR FilteredTickPred

% NOTE(review): the FILTER_TRUTH1 line is truncated in the middle ("t=n0");
% it looks like two lemmas fused by lost text. Do not read it as one statement.
FILTER_TRUTH1: LEMMA Pf(Sample(n))=Pf(Sample(n+1)) IMPLIES FORALL(t|t>Sample(n) AND t=n0 AND ne<=n0+n):Pf(Sample(ne))) IMPLIES FORALL(t|t>=Sample(n0) AND t<=Sample(n0+n)):Pf(t)=Pf(Sample(n0))
% Held_For_Short: LEMMA n (Pf(t) /= Pf(pre(t)) => FORALL (t_n|t_n>t & t_n=t-(d-delta_L)):NOT Held_For_I(Pf,d,Sample)(n))

% Held_For_VERIFY2 (no false detection): for a filtered predicate Pf, if Pf is
% not held for d - delta_L at Sample(n) in the Held_For sense, then
% Held_For_I(Pf,d,Sample)(n) is false.
Held_For_VERIFY2: THEOREM FORALL(Sample:Sample_Type,n:nat): (NOT Held_For(Pf,d-delta_L)(Sample(n)) IMPLIES NOT Held_For_I(Pf,d,Sample)(n))
%Held_For_VERIFY3: THEOREM FORALL(t:tick,Sample:Sample_Type): (Held_For_I(Pf,d)(t) IMPLIES EXISTS(n:nat |Sample(n)<=t AND Sample(n+1)>t):Held_For(P,d,n)(Sample))

% Held_For_VERIFY3: once Held_For_I holds at sample n it still holds at sample
% n+1, provided P holds at Sample(n+1).
Held_For_VERIFY3: THEOREM Held_For_I(P,d,Sample)(n) AND P(Sample(n+1)) IMPLIES Held_For_I(P,d,Sample)(n+1)
%TEST: LEMMA Sample(ne)-Sample(n0)>d-delta_L IMPLIES ne-n0>=Kmin(d)+1

% NOTE(review): the Held_For.prf entries visible on this page for this theory
% all carry status UNCHECKED, and test0 also has an earlier UNFINISHED attempt
% (test0-1). Re-run the proofs and inspect the proof chain before relying on the
% Held_For_VERIFY* theorems.
END Held_For_TD

% NOTE(review): the Held_For_TC header is truncated on this page in the same way
% as the Held_For_TD header; text is missing between "{t:time|t" and
% "delta_L AND ...".
Held_For_TC [delta_t:posreal,K:posreal,(IMPORTING Clocks[K]) TL,TR:{t:time|tdelta_L AND du>delta_R AND du-delta_L>K+TR}
d:VAR Duration

% Decision(d) here is declared with result type `time` only; the interval
% bounds are not part of its type and are restated as lemma test01 below.
Decision(d):time=choose({dur:time| dur>=d-delta_L AND dur<=d+delta_R})
IMPORTING reals@bounded_reals [time]

% diffAbove(P)(t1)(t2): t2 is later than t1 and P differs between them.
diffAbove(P)(t1)(t2):bool = t2>t1 & P(t2)/= P(t1)
% NOTE(review): diffBelow and whatever followed it are truncated on the page;
% only "t2" and the tail of a commented-out constraint survive.
diffBelow(P)(t1)(t2):bool = t2 %inf(diffAbove(P)(t)) - sup(diffBelow(P)(t)) >= K+TR }

% duration(P,d,t) over continuous time: Decision(d) when P(t) holds and
% sup(diffBelow(P)(t)) = t, or when t = 0; otherwise the constant 0.
% NOTE(review): the line breaks inside this table are reconstructed, and the
% commented-out first header line is itself truncated. The ELSE value 0 appears
% to stand in for the commented-out reference to
% duration(P,d,sup(diffBelow(P)(t))), so as it reads here this definition does
% not carry the required duration forward from the start of the event.
duration(P,d,t):time= TABLE
%|[EXISTS(t_l:time): t_l=t_l AND t<=t): P(t)|
|[P(t) AND sup(diffBelow(P)(t))=t OR t=0 | ELSE ]|
|Decision(d) |0 ||% duration(P,d,sup(diffBelow(P)(t)))
%
ENDTABLE

% Event_Start_time(P,t) over continuous time: 0 at t = 0; t when P(t) holds,
% sup(diffBelow(P)(t)) = t and t is not 0; otherwise the constant 0.
% NOTE(review): as with duration, the ELSE value 0 appears to stand in for the
% commented-out reference to Event_Start_time(P,sup(diffBelow(P)(t))).
Event_Start_time(P,t):time= TABLE |[t=0 |P(t) AND sup(diffBelow(P)(t))=t AND NOT t=0 | ELSE ]|
|0 |t | 0 ||%Event_Start_time(P,sup(diffBelow(P)(t))) ||
ENDTABLE

% NOTE(review): the Held_For_TC table is truncated on the page after the second
% "(P,t_now)"; the remainder up to a trailing "...delta_L" is missing.
Held_For_TC(P,d):pred[time]=(LAMBDA (t_now:time):TABLE |[P(t_now) AND t_now-Event_Start_time(P,t_now)>=duration(P,d,t_now) | P(t_now) AND t_now-Event_Start_time(P,t_now)delta_L
test01: LEMMA Decision(d)>=d-delta_L AND Decision(d)<=d+delta_R

% NOTE(review): the two "%Mark" remarks below are the author's own statement
% that lemmas in this group were left unproved. The page layout does not show
% whether each remark belongs to the lemma before it or the one after it.
% As the tables read here, duration's ELSE column is the constant 0 while the
% Duration type requires du - delta_L > K + TR, so test11
% (duration(P,d,t) >= d - delta_L) looks unprovable as stated wherever the ELSE
% column applies -- confirm against the original file. sup_lemma1 also depends
% on sup(diffBelow(P)(t)) being well defined, which this listing does not show.
% Nothing that cites sup_lemma1, test11 or test21 should be treated as
% established until those lemmas are actually proved.
sup_lemma1: LEMMA sup(diffBelow(P)(t))<=t
%Mark, I cannot even prove this single lemma
test11: LEMMA duration(P,d,t)>=d-delta_L
%Mark, I cannot prove this either
test21: LEMMA Event_Start_time(P,t)<=t
END Held_For_TC
$$$Held_For.prf
(|Held_For|) (|Held_For_TD| (|Decision_TCC1| 0 (|Decision_TCC1-1| NIL 3395265682 3396348386 ("" (SKOLEM-TYPEPRED) (("" (GRIND) NIL NIL)) NIL) UNCHECKED ((|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|member| CONST-DECL "bool" |sets| NIL) (|empty?| CONST-DECL "bool" |sets| NIL) (|nonempty?| CONST-DECL "bool" |sets| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> 
boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 117 116 T NIL)) (|duration_TCC1| 0 (|duration_TCC1-1| NIL 3395265682 3396348386 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|rank| CONST-DECL "nat" |Clocks_T| NIL) (|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) 
(>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL)) 12 12 NIL NIL)) (|duration_TCC2| 0 (|duration_TCC2-1| NIL 3395265682 3396348387 ("" (TERMINATION-TCC) NIL NIL) UNCHECKED ((|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) 
(|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 92 92 NIL NIL)) (|duration_TCC3| 0 (|duration_TCC3-1| NIL 3395265682 3396348388 ("" (COND-COVERAGE-TCC) NIL NIL) UNCHECKED ((|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| 
NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 82 81 NIL NIL)) (|Event_Start_time_TCC1| 0 (|Event_Start_time_TCC1-1| NIL 3395265682 3396348388 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|rank| 
CONST-DECL "nat" |Clocks_T| NIL) (|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL)) 12 12 NIL NIL)) (|Event_Start_time_TCC2| 0 (|Event_Start_time_TCC2-1| NIL 3395265682 3396348389 ("" (TERMINATION-TCC) NIL NIL) UNCHECKED ((|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- 
CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 47 46 NIL NIL)) (|Event_Start_time_TCC3| 0 (|Event_Start_time_TCC3-1| NIL 3395758100 3396348389 ("" (COND-COVERAGE-TCC) NIL NIL) UNCHECKED ((|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| 
NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 48 47 NIL NIL)) (|Held_For_T_TCC1| 0 (|Held_For_T_TCC1-1| NIL 3395265682 3396348390 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| 
NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 73 72 NIL NIL)) (|Held_For_T_TCC2| 0 (|Held_For_T_TCC2-1| NIL 3395265682 3396348391 ("" (COND-DISJOINT-TCC) NIL NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_ge_is_total_order| 
NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> 
boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 104 104 NIL NIL)) (|test_choose| 0 (|test_choose-1| NIL 3395266272 3396348392 ("" (GRIND) NIL NIL) UNCHECKED ((|choose| CONST-DECL "(p)" |sets| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nonempty_singleton_finite| APPLICATION-JUDGEMENT "non_empty_finite_set" |finite_sets| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" 
|Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 60 59 T SHOSTAK)) (|test0| 0 (|test0-2| NIL 3395265717 3396348392 ("" (SKOSIMP) (("" (ASSERT) (("" (EXPAND "Decision") (("" (ASSERT) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Decision| CONST-DECL "{dur: time | dur >= d - delta_L AND dur <= d + delta_R}" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 17 16 T NIL) (|test0-1| NIL 3395265710 3395265712 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 154 0 T SHOSTAK)) (|test1| 0 (|test1-1| NIL 3395265741 3396348393 ("" (INDUCT "t" 1 "time_induction") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (ASSERT) (("1" (SKOSIMP) (("1" (EXPAND "duration") (("1" (LEMMA "test0") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST -1 "P!1" "d!1") (("2" (EXPAND "duration" 1) (("2" (LIFT-IF) (("2" (BDDSIMP) (("2" (LEMMA "test0") (("2" (GRIND) NIL 
NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|pre| CONST-DECL "tick" |Clocks_T| NIL) (|minus_nzint_is_nzint| APPLICATION-JUDGEMENT "nzint" |integers| NIL) (|minus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|choose| CONST-DECL "(p)" |sets| NIL) (|Decision| CONST-DECL "{dur: time | dur >= d - delta_L AND dur <= d + delta_R}" |Held_For_TD| NIL) (|test0| FORMULA-DECL NIL |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|time_induction| FORMULA-DECL NIL |Clocks_T| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|duration| DEF-DECL "time" |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> 
numfield]" |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL)) 152 150 T NIL)) (|test2| 0 (|test2-1| NIL 3395265762 3396348394 ("" (INDUCT "t" 1 "time_induction") (("1" (SKOSIMP) (("1" (GRIND) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST -1 "P!1") (("2" (EXPAND "Event_Start_time" 1) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "pre") (("1" (ASSERT) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL) ("3" (EXPAND "pre") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|pre| CONST-DECL "tick" |Clocks_T| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| 
NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|time_induction| FORMULA-DECL NIL |Clocks_T| NIL) (|Event_Start_time| DEF-DECL "tick" |Held_For_TD| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL)) 80 79 NIL NIL)) (|Held_For_I_TCC1| 0 (|Held_For_I_TCC1-1| NIL 3395265682 3396348394 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| 
NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 28 27 T NIL)) (|Sample_Positive| 0 (|Sample_Positive-1| NIL 3395748973 3396348396 ("" (INDUCT "n" 1) (("1" (SKOSIMP) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (SKOSIMP) (("1" (GRIND) NIL 
NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "j!1") (("2" (SKOSIMP) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" 
|booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 115 113 T SHOSTAK)) (|Sample_Compare| 0 (|Sample_Compare-1| NIL 3395749182 3396348397 ("" (SKOSIMP) (("" (GRIND) (("" (LEMMA "Sample_Interval2") (("" (INST -1 "Sample!1" "n1!1" "n2!1-n1!1") (("" (CASE "(n2!1 - n1!1) * (K - TL)>=0") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 2) (("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST?) 
(("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nonneg_real_mult_closed| FORMULA-DECL NIL |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" 
|Held_For_TD| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 108 106 T SHOSTAK)) (|Sample_Compare1| 0 (|Sample_Compare1-1| NIL 3396348205 3396348340 ("" (SKOSIMP) (("" (CASE "n2!1 < n1!1") (("1" (CASE "NOT Sample!1(n2!1) < Sample!1(n1!1)") (("1" (HIDE -2 2) (("1" (LEMMA "Sample_Interval2") (("1" (INST -1 "Sample!1" "n2!1" "n1!1-n2!1") (("1" (CASE "(n1!1 - n2!1) * (K - TL)>0") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 2) (("2" (LEMMA "posreal_mult_closed") (("2" (INST -1 "n1!1 - n2!1" "K-TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNCHECKED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (< CONST-DECL "bool" |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| 
NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) NIL NIL (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posreal_mult_closed| FORMULA-DECL NIL |real_axioms| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t 
< K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL)) 13490 197 T SHOSTAK)) (|ceiling_delta_t| 0 (|ceiling_delta_t-1| NIL 3395748812 3396348397 ("" (SKOSIMP) (("" (BOTH-SIDES "/" "delta_t") (("" (GRIND) NIL NIL)) NIL)) NIL) UNCHECKED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|both_sides_div_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nonneg_ceiling_is_nat| APPLICATION-JUDGEMENT "nat" |floor_ceil| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" 
|number_fields| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (< CONST-DECL "bool" |reals| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|ceiling| CONST-DECL "{i | x <= i & i < x + 1}" |floor_ceil| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 56 55 T SHOSTAK)) (|ceiling_tick| 0 (|ceiling_tick-1| NIL 3395748475 3396348399 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "tk!1") (("" (SKOSIMP) (("" (GRIND) (("" (BOTH-SIDES "/" "delta_t" -3) (("" (BOTH-SIDES "/" "delta_t" 1) (("" (ASSERT) (("" (GRIND) (("" (TYPEPRED "ceiling(t!1/delta_t)") (("" (GRIND) (("" (CASE "n!1< ceiling(t!1 / delta_t)") (("1" (GRIND) (("1" (CASE "n!1 <= t!1 / delta_t") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| 
APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|both_sides_div_pos_lt1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_times_pos_le1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_times_pos_lt1| FORMULA-DECL NIL |real_props| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|ceiling| CONST-DECL "{i | x <= i & i < x + 1}" |floor_ceil| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|both_sides_div_pos_le1| FORMULA-DECL NIL |real_props| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nonneg_ceiling_is_nat| APPLICATION-JUDGEMENT "nat" |floor_ceil| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL 
"posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 189 185 T SHOSTAK)) (|EXISTS_n| 0 (|EXISTS_n-1| NIL 3395659827 3396348406 ("" (SKOLEM 1 ("Sample!1" "_")) (("" (INDUCT "t" 1 "time_induction") (("1" (SKOSIMP) (("1" (GRIND) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SPLIT) (("1" (CASE "Sample!1(n!1+1)>pre(t!1) OR Sample!1(n!1+1)=pre(t!1)") (("1" (SPLIT) (("1" (INST 1 "n!1") (("1" (GRIND) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (GRIND) (("1" (TYPEPRED "Sample!1") (("1" (INST -2 "n!1+1") (("1" (SKOSIMP) (("1" (TYPEPRED "t!2") (("1" (SKOSIMP) (("1" (REPLACE -2 * LR) (("1" (REPLACE -4 * LR) (("1" (HIDE -1 -2 -3 -4 -5 -6 -8 -9 1 3) (("1" (GRIND) (("1" (BOTH-SIDES "/" "delta_t") (("1" (BOTH-SIDES "/" "delta_t" -1) (("1" (GRIND) (("1" (CASE "(n!2 * delta_t - delta_t) / delta_t=n!2-1") (("1" (GRIND) (("1" (HIDE -1) (("1" (CASE "n!3 * delta_t / delta_t=n!3") (("1" (GRIND) (("1" (CASE "n!2 * delta_t / delta_t=n!2") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST 1 "n!1+1") (("2" (GRIND) (("2" (TYPEPRED 
"Sample!1") (("2" (INST -1 "n!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (CASE "Sample!1(0)>pre(t!1) OR Sample!1(0)=pre(t!1)") (("1" (SPLIT) (("1" (INST 1 "0") (("1" (GRIND) (("1" (HIDE -2) (("1" (TYPEPRED "Sample!1") (("1" (INST -2 "0") (("1" (SKOSIMP) (("1" (TYPEPRED "t!2") (("1" (SKOSIMP) (("1" (REPLACE -2 * LR) (("1" (REPLACE -4 * LR) (("1" (HIDE -1 -2 -3 -4 1) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (REPLACE -2 * LR) (("1" (HIDE -1 -2 1) (("1" (GRIND) (("1" (BOTH-SIDES "/" "delta_t" -1) (("1" (BOTH-SIDES "/" "delta_t" 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST 1 "0") (("2" (GRIND) (("2" (TYPEPRED "Sample!1") (("2" (INST?) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|time_induction| FORMULA-DECL NIL 
|Clocks_T| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|init| CONST-DECL "bool" |Clocks_T| NIL) (|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|odd_minus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|even_plus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|noninit_elem| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|pre| CONST-DECL "tick" |Clocks_T| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|even_minus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|even_minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|both_sides_div_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_times_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) 
(|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|both_sides_div_pos_gt1| FORMULA-DECL NIL |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL)) 673 659 T SHOSTAK)) (|EXISTS_t| 0 (|EXISTS_t-1| NIL 3395729529 3396348407 ("" (SKOSIMP) (("" (LEMMA "EXISTS_n") (("" (INST -1 "Sample!1" "ceiling(t!1/delta_t)*delta_t") (("1" (SKOSIMP) (("1" (INST 1 "n!1") (("1" (SPLIT) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (LEMMA "ceiling_delta_t") (("1" (INST -1 "t!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (LEMMA "ceiling_tick") (("2" (INST -1 "Sample!1(n!1)" "t!1") (("1" (ASSERT) (("1" (CASE "Sample!1(n!1)0") (("1" (SPLIT) (("1" (INST 1 "0") (("1" (ASSERT) NIL NIL)) NIL) ("2" (INST 1 "n!1-1") (("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1-1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n!1") (("2" (SKOSIMP) (("2" (TYPEPRED "t!2") (("2" (SKOSIMP) (("2" (INST 1 "n!2") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (FLATTEN) (("2" (HIDE 1) (("2" (LEMMA "ceiling_delta_t") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST 1 "ceiling(t!1 / 
delta_t)") NIL NIL)) NIL)) NIL)) NIL) UNCHECKED ((|EXISTS_n| FORMULA-DECL NIL |Held_For_TD| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|ceiling_delta_t| FORMULA-DECL NIL |Held_For_TD| NIL) NIL NIL (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|ceiling_tick| FORMULA-DECL NIL |Held_For_TD| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nonneg_ceiling_is_nat| APPLICATION-JUDGEMENT "nat" |floor_ceil| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL 
|integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (< CONST-DECL "bool" |reals| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|ceiling| CONST-DECL "{i | x <= i & i < x + 1}" |floor_ceil| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) NIL (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL)) 161 158 T SHOSTAK)) (SAMPLE_COUNT1 0 (SAMPLE_COUNT1-4 "" 3396344382 3396348413 ("" (SKOSIMP) (("" (CASE "ne!1-n0!1=n0!1 OR ne!1 boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (< 
CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_T| NIL) (|Kmin| CONST-DECL "nat" |Held_For_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) 
(|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| NIL) NIL NIL (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|both_sides_div_pos_le1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_plus_le2| FORMULA-DECL NIL |real_props| NIL) (|both_sides_plus_lt2| FORMULA-DECL NIL |real_props| NIL) (|both_sides_times_pos_lt1| FORMULA-DECL NIL |real_props| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Sample_Interval3| FORMULA-DECL NIL |Held_For_T| NIL)) 542 535 NIL NIL) (|yes| "" 3396344327 3396344340 ("" (SKOSIMP) (("" (CASE "ne!1-n0!1=Sample!1(n!3)") (("1" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" 
(TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!3" "n!2+1-n!3") (("2" (CASE "(n!2 + 1 - n!3) * (K - TL)>=0") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "n!2+1-n!3" "K-TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (ASSERT) (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Sample!1(n!1+1)>=Sample!1(0)") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 -3 -4 -5 -6 2 3) (("2" (LEMMA "Sample_Compare") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Positive") (("2" (INST -1 "Sample!1" "n!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "EXISTS_t") (("2" (INST -1 "Sample!1" "Sample!1(0)+d!1-delta_L") (("1" (SKOSIMP) (("1" (INST 2 "n!2+1") (("1" (EXPAND "Held_For_I") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (INST 2 "0") (("1" (SKOSIMP) (("1" (INST -6 "Sample!1(n!3)") (("1" (SPLIT) (("1" (LEMMA "Sample_Compare") (("1" (INST?) 
(("1" (INST -1 "0") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!3") (("2" (CASE "Sample!1(n!3)<=Sample!1(1+n!2)") (("1" (CASE "Sample!1(1+n!2)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "n!3" "1+n!2") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Sample!1(1+n!2)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (BDDSIMP) (("1" (INST 2 "n!1+1") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (INST -9 "Sample!1(n!2)") (("1" (SPLIT) (("1" (TYPEPRED "Sample!1(n!2)") (("1" (TYPEPRED "n!2") (("1" (LEMMA "Sample_Compare") (("1" (INST -1 "Sample!1" "n!1+1" "n!2") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(n!2)<=Sample!1(2 + Kmin(d!1) + n!1)") (("1" (CASE "Sample!1(2+Kmin(d!1)+n!1)-Sample!1(n!1+1)<=floor((d!1 - delta_L) / Tmax) * Tmax + Tmax ") (("1" (ASSERT) (("1" (CASE "Sample!1(1 + n!1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST 
-1 "Sample!1" "n!1+1" "1+Kmin(d!1)") (("2" (HIDE -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 2 3 4) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "n!2" "2 + Kmin(d!1) + n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!1+1" "1+Kmin(d!1)") (("2" (CASE "(1 + Kmin(d!1)) * (K - TL)>=d!1-delta_L") (("1" (ASSERT) NIL NIL) ("2" (BOTH-SIDES "*" "(1 + floor((d!1 - delta_L) / Tmax))" -6) (("1" (HIDE -1 -2 -3 -4 -5 -7 -8 -9 -10 2 3) (("1" (CASE "((d!1 - delta_L) / (1 + floor((d!1 - delta_L) / Tmax))) * (1 + floor((d!1 - delta_L) / Tmax))=d!1-delta_L") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (HIDE -1 2) (("2" (NAME-REPLACE "z!1" "1 + floor((d!1 - delta_L) / Tmax)") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -6 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST 2 "Kmin(d!1)+1") (("1" (EXPAND "Held_For_I") (("1" (INST 2 "0") (("1" (SKOSIMP) (("1" (INST -8 "Sample!1(n!2)") (("1" (TYPEPRED "n!2") (("1" (SPLIT) (("1" (LEMMA "Sample_Compare") (("1" (INST -1 "Sample!1" "0" "n!2") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (CASE "Sample!1(1+Kmin(d!1))>=Sample!1(n!2)") (("1" (CASE "Sample!1(1 + Kmin(d!1)) <= Sample!1(0)+floor((d!1 - delta_L) / Tmax) * Tmax + Tmax") (("1" (ASSERT) (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "0" "1+Kmin(d!1)") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "n!2" "1+Kmin(d!1)") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 
"Sample!1" "0" "1+Kmin(d!1)") (("2" (CASE "(1 + Kmin(d!1)) * (K - TL)>=d!1-delta_L") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 -3 -4 -6 -7 -8 -9 2 3) (("2" (BOTH-SIDES "/" "1+Kmin(d!1)" 1) (("1" (CASE "(1 + Kmin(d!1)) * (K - TL) / (1 + Kmin(d!1))=Tmin") (("1" (REPLACE -1 * LR) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (HIDE -1 2) (("2" (NAME-REPLACE "z!1" "1+Kmin(d!1)") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Sample!1(1 + Kmin[K, TL, TR, delta_L, delta_R](d!1)) -Sample!1(0)<=floor((d!1 - delta_L) / Tmax) * Tmax + Tmax") (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1(0)") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval3") (("2" (INST -1 "Sample!1" "0" "1+Kmin(d!1)") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|EXISTS_n| FORMULA-DECL NIL |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For| CONST-DECL "pred[tick]" |Held_For_TD| NIL) (|Sample_Positive| FORMULA-DECL NIL |Held_For_TD| NIL) NIL NIL (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_div_posreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) NIL NIL (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnreal_plus_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| 
APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nonneg_real_mult_closed| FORMULA-DECL NIL |real_types| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) NIL NIL (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) NIL (|EXISTS_t| FORMULA-DECL NIL |Held_For_TD| NIL) NIL NIL (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL 
"[bool, bool -> bool]" |booleans| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_T| NIL) (|Kmin| CONST-DECL "nat" |Held_For_T| NIL) (|Sample_Interval3| FORMULA-DECL NIL |Held_For_T| NIL) (/ CONST-DECL "[numfield, nznum -> numfield]" |number_fields| NIL) (|nznum| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|floor| CONST-DECL "{i | i <= x & x < i + 1}" |floor_ceil| NIL) (|integer| NONEMPTY-TYPE-FROM-DECL NIL |integers| NIL) NIL NIL (|real_div_nzreal_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|div_cancel2| FORMULA-DECL NIL |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|Feasible_Point| CONST-DECL "bool" |Held_For_T| NIL) (|odd_minus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) NIL NIL NIL (|both_sides_div_pos_ge1| FORMULA-DECL NIL |real_props| NIL) (|both_sides_plus_ge2| FORMULA-DECL NIL |real_props| NIL) (|posint| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nonneg_int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) NIL (|posreal_times_posreal_is_posreal| APPLICATION-JUDGEMENT "posreal" 
|real_types| NIL) (PERFECT_CLOCK_CASE2B FORMULA-DECL NIL |Held_For_T| NIL)) 1902 1878 T NIL) (|Held_For_VERIFY-6| NIL 3395748875 3396345356 ("" (SKOSIMP) (("" (SPLIT) (("1" (SKOSIMP) (("1" (LEMMA "EXISTS_n") (("1" (INST?) (("1" (EXPAND "Held_For") (("1" (SKOSIMP) (("1" (INST -1 "t_j!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (LEMMA "EXISTS_t") (("1" (SKOSIMP) (("1" (INST -1 "Sample!1" "Sample!1(n!1+1)+d!1-delta_L") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (INST 2 "n!2+1") (("1" (EXPAND "Held_For_I") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (INST 2 "n!1+1") (("1" (SKOSIMP) (("1" (INST -7 "Sample!1(n!3)") (("1" (SPLIT) (("1" (TYPEPRED "n!3") (("1" (LEMMA "Sample_Compare") (("1" (INST -1 "Sample!1" "1+n!1" "n!3") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!3") (("2" (CASE "Sample!1(n!2+1)>=Sample!1(n!3)") (("1" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!3" "n!2+1-n!3") (("2" (CASE "(n!2 + 1 - n!3) * (K - TL)>=0") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "n!2+1-n!3" "K-TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (ASSERT) (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Sample!1(n!1+1)>=Sample!1(0)") (("1" (ASSERT) NIL NIL) ("2" (HIDE -1 -2 -3 -4 -5 -6 2 3) (("2" (LEMMA "Sample_Compare") (("2" (INST?) 
(("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Positive") (("2" (INST -1 "Sample!1" "n!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "EXISTS_t") (("2" (INST -1 "Sample!1" "Sample!1(0)+d!1-delta_L") (("1" (SKOSIMP) (("1" (INST 2 "n!2+1") (("1" (EXPAND "Held_For_I") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (INST 2 "0") (("1" (SKOSIMP) (("1" (INST -6 "Sample!1(n!3)") (("1" (SPLIT) (("1" (LEMMA "Sample_Compare") (("1" (INST?) (("1" (INST -1 "0") (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!3") (("2" (CASE "Sample!1(n!3)<=Sample!1(1+n!2)") (("1" (CASE "Sample!1(1+n!2)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "n!3" "1+n!2") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (CASE "Sample!1(1+n!2)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(0)<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (BDDSIMP) (("1" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) 
(("2" (INST -6 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 72 1 T NIL) (|Held_For_VERIFY-5| NIL 3395688285 3395748860 ("" (SKOSIMP) (("" (SPLIT) (("1" (SKOSIMP) (("1" (LEMMA "EXISTS_n") (("1" (INST?) (("1" (EXPAND "Held_For") (("1" (SKOSIMP) (("1" (INST -1 "t_j!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (LEMMA "EXISTS_n") (("1" (SKOSIMP) (("1" (INST -1 "Sample!1" "Sample!1(n!1+1)+d!1-delta_L") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (INST 2 "n!2+1") (("1" (EXPAND "Held_For_I") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (INST 2 "n!1+1") (("1" (SKOSIMP) (("1" (INST -7 "Sample!1(n!3)") (("1" (SPLIT) (("1" (TYPEPRED "n!3") (("1" (POSTPONE) NIL NIL)) NIL) ("2" (TYPEPRED "n!3") (("2" (CASE "Sample!1(n!2+1)>=Sample!1(n!3)") (("1" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!3" "n!2+1-n!3") (("2" (CASE "(n!2 + 1 - n!3) * (K - TL)>=0") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "n!2+1-n!3" "K-TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "Sample!1(n!2+1)-Sample!1(n!2)<=Tmax") (("1" (ASSERT) (("1" (CASE "Sample!1(n!1+1)-t_j!1<=Tmax") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL)) 
NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (INST -9 "Sample!1(n!2)") (("2" (SPLIT) (("1" (TYPEPRED "n!2") (("1" (CASE "Sample!1(n!2)>=Sample!1(n!1+1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!1+1" "n!2-(n!1+1)") (("2" (CASE "(n!2 - (n!1 + 1)) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "TL") (("2" (HIDE -1 -3 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3 4 5) (("2" (CASE "K-TL>0") (("1" (CASE "n!2 - (n!1 + 1)>=0") (("1" (NAME-REPLACE "z!1" "K-TL") (("1" (NAME-REPLACE "z!2" "n!2 - (n!1 + 1)") (("1" (GRIND) (("1" (BOTH-SIDES "/" "z!1" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(2 + Kmin(d!1) + n!1)<=t!1") (("1" (LEMMA "Sample_Interval2") (("1" (INST -1 "Sample!1" "n!2" "2 + Kmin(d!1) + n!1-n!2") (("1" (CASE "(2 + Kmin(d!1) + n!1 - n!2) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "2 + Kmin(d!1) + n!1 - n!2" "K-TL") (("2" (TYPEPRED "TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2 3 4) (("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -9 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) 
(("2" (INST -6 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 3628 968 T NIL) (|Held_For_VERIFY-4| NIL 3395676344 3395688277 ("" (SKOSIMP) (("" (SPLIT) (("1" (SKOSIMP) (("1" (LEMMA "EXISTS_n") (("1" (INST?) (("1" (EXPAND "Held_For") (("1" (SKOSIMP) (("1" (INST -1 "t_j!1") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (LEMMA "EXISTS_n") (("1" (SKOSIMP) (("1" (INST -1 "Sample!1" "Sample!1(n!1+1)+d!1+delta_L") (("1" (SKOSIMP) (("1" (SPLIT) (("1" (INST 2 "n!2+1") (("1" (EXPAND "Held_For_I") (("1" (ASSERT) (("1" (SKOSIMP) (("1" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (INST -9 "Sample!1(n!2)") (("2" (SPLIT) (("1" (TYPEPRED "n!2") (("1" (CASE "Sample!1(n!2)>=Sample!1(n!1+1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "n!1+1" "n!2-(n!1+1)") (("2" (CASE "(n!2 - (n!1 + 1)) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "TL") (("2" (HIDE -1 -3 -5 -6 -7 -8 -9 -10 -11 -12 -13 2 3 4 5) (("2" (CASE "K-TL>0") (("1" (CASE "n!2 - (n!1 + 1)>=0") (("1" (NAME-REPLACE "z!1" "K-TL") (("1" (NAME-REPLACE "z!2" "n!2 - (n!1 + 1)") (("1" (GRIND) (("1" (BOTH-SIDES "/" "z!1" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED 
"n!2") (("2" (CASE "Sample!1(2 + Kmin(d!1) + n!1)<=t!1") (("1" (LEMMA "Sample_Interval2") (("1" (INST -1 "Sample!1" "n!2" "2 + Kmin(d!1) + n!1-n!2") (("1" (CASE "(2 + Kmin(d!1) + n!1 - n!2) * (K - TL)>=0") (("1" (GRIND) NIL NIL) ("2" (LEMMA "nonneg_real_mult_closed") (("2" (INST -1 "2 + Kmin(d!1) + n!1 - n!2" "K-TL") (("2" (TYPEPRED "TL") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2 3 4) (("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -9 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -6 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 164267 1375 T NIL) (|Held_For_VERIFY-3| NIL 3395676285 3395676316 (";;; Proof Held_For_VERIFY-2 for formula Held_For_TD.Held_For_VERIFY" (SKOSIMP) ((";;; Proof Held_For_VERIFY-2 for formula Held_For_TD.Held_For_VERIFY" (SPLIT) (("1" (POSTPONE) NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+3") (("1" (EXPAND "Held_For_I") (("1" (SKOSIMP) (("1" (INST -9 "Sample!1(n!2)") (("1" (SPLIT) (("1" (TYPEPRED "n!2") (("1" (POSTPONE) NIL))) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(3 + Kmin(d!1) + n!1)<=t!1") (("1" (POSTPONE) NIL) ("2" (HIDE 2 3 4) (("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -9 "t_j!1") (("1" (GRIND) NIL) ("2" (GRIND) NIL))))))))))))))))))))) ("2" (EXPAND "Feasible_Point") (("2" (INST?) 
(("2" (INST -6 "t_j!1") (("1" (GRIND) NIL) ("2" (GRIND) NIL))))))))) ("2" (POSTPONE) NIL)))))))))))))))))))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 3122 708 T NIL) (|Held_For_VERIFY-2| NIL 3395669217 3395676270 ("" (SKOSIMP) (("" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (SPLIT) (("1" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (SKOSIMP) (("1" (INST -9 "Sample!1(n!2)") (("1" (SPLIT) (("1" (TYPEPRED "n!2") (("1" (POSTPONE) NIL NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(2 + Kmin(d!1) + n!1)<=t!1") (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2 3 4) (("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -9 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -6 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 88 0 T NIL) (|Held_For_VERIFY-1| NIL 3395266326 3395665811 ("" (SKOSIMP) (("" (SPLIT) (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "PERFECT_CLOCK_CASE2B") (("2" (INST -1 "d!1") (("2" (ASSERT) (("2" (EXPAND "Kmin") (("2" (BDDSIMP) (("2" (SKOSIMP) (("2" (LEMMA "EXISTS_n") (("2" (EXPAND "Held_For") (("2" (SKOSIMP) (("2" (INST -1 "Sample!1" "t_j!1") (("2" (SKOSIMP) (("2" (INST 2 "n!1+Kmin(d!1)+2") (("1" (EXPAND "Held_For_I") (("1" (SKOSIMP) (("1" (INST -9 "Sample!1(n!2)") (("1" (SPLIT) (("1" (TYPEPRED "n!2") (("1" (POSTPONE) NIL NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(2 + Kmin(d!1) + n!1)<=t!1") (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2 3 4) (("2" (EXPAND "Feasible_Point") (("2" (INST?) 
(("2" (INST -9 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Feasible_Point") (("2" (INST?) (("2" (INST -7 "t_j!1") (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 23500 976 T SHOSTAK)) (|FilteredTickPred_TCC1| 0 (|FilteredTickPred_TCC1-1| NIL 3395614870 3396526176 ("" (ASSERT) (("" (INST 1 "lambda (t:tick): true") NIL NIL)) NIL) UNCHECKED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL 
|Clocks_T| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TRUE CONST-DECL "bool" |booleans| NIL)) 9869 99 T NIL)) (FILTER_TRUTH1_TCC1 0 (FILTER_TRUTH1_TCC1-1 NIL 3395843479 3396348971 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "n!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" 
|Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 1654 26 T NIL)) (FILTER_TRUTH1_TCC2 0 (FILTER_TRUTH1_TCC2-1 NIL 3395843479 3396349017 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "n!1+1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= 
CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL)) 1359 24 T NIL)) (FILTER_TRUTH1 0 (FILTER_TRUTH1-1 NIL 3395843479 3396348435 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "Pf!1") (("" (INST -1 "Sample!1(n!1)" "t!1" "Sample!1(n!1+1)") (("" (ASSERT) (("" (TYPEPRED "Sample!1") (("" (INST -1 "n!1") (("" (ASSERT) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) 
(|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" 
|reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 42 42 T SHOSTAK)) (FILTER_TRUTH3_TCC1 0 (FILTER_TRUTH3_TCC1-1 NIL 3395847771 3396349033 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) 
(TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 1241 36 T NIL)) (FILTER_TRUTH3_TCC2 0 (FILTER_TRUTH3_TCC2-1 NIL 3395847771 3396348442 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|even_minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|odd_minus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| 
NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) 
(NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 583 576 NIL NIL)) (FILTER_TRUTH3 0 (FILTER_TRUTH3-1 NIL 3395847771 3396348445 ("" (SKOLEM 1 ("Pf!1" "Sample!1" "_" "n0!1")) (("" (INDUCT "n") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (SPLIT) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (CASE "t!1<=Sample!1(j!1 + n0!1) OR t!1>Sample!1(j!1 + n0!1)") (("1" (SPLIT) (("1" (INST -6 "t!1") NIL NIL) ("2" (LEMMA "FILTER_TRUTH1") (("2" (INST -1 "Pf!1" "Sample!1" "j!1+n0!1") (("2" (ASSERT) (("2" (CASE "Pf!1(Sample!1(j!1 + n0!1)) = Pf!1(Sample!1(1 + j!1 + n0!1))") (("1" (ASSERT) (("1" (INST -2 "t!1") (("1" (CASE "Pf!1(Sample!1(j!1 + n0!1))=Pf!1(Sample!1(n0!1))") (("1" (ASSERT) NIL NIL) ("2" (INST -9 "n0!1") (("2" (REVEAL -1) (("2" (INST -1 "j!1+n0!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (CASE "t!1 = Sample!1(1 + j!1 + n0!1)") (("1" (INST -9 "1+j!1+n0!1") (("1" (REVEAL -1) (("1" (INST -1 "n0!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST -8 "j!1+n0!1") (("2" (REVEAL -1) (("2" (INST -1 "1+j!1+n0!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (TYPEPRED "Sample!1") (("3" (INST -2 "1 + j!1 + n0!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!2") (("3" (SKOSIMP) (("3" (INST 1 "n!2") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("4" (TYPEPRED "Sample!1") (("4" (INST -2 "j!1 + n0!1") (("4" (SKOSIMP) (("4" (TYPEPRED "t!2") (("4" (SKOSIMP) (("4" (INST 1 "n!2") (("4" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (INST -1 "ne!1") NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (HIDE 2) (("3" (SKOSIMP) (("3" (SKOSIMP) (("3" (TYPEPRED "Sample!1") (("3" (INST -2 "n0!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!2") (("3" (SKOSIMP) (("3" (INST 1 "n!3") (("3" (ASSERT) NIL NIL)) 
NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("4" (HIDE -1 2) (("4" (SKOSIMP) (("4" (TYPEPRED "Sample!1") (("4" (INST -2 "ne!1") (("4" (SKOSIMP) (("4" (TYPEPRED "t!1") (("4" (SKOSIMP) (("4" (INST 1 "n!3") (("4" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|pred| TYPE-EQ-DECL NIL |defined_types| NIL) NIL (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) NIL (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (<= CONST-DECL "bool" |reals| NIL) NIL (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| 
CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (FILTER_TRUTH1 FORMULA-DECL NIL |Held_For_TD| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) NIL NIL (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 247 244 T SHOSTAK)) (|Held_For_VERIFY2_TCC1| 0 (|Held_For_VERIFY2_TCC1-1| NIL 3395614870 3396348445 ("" (SUBTYPE-TCC) NIL NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 5 4 NIL NIL)) (|Held_For_VERIFY2| 0 (|Held_For_VERIFY2-2| NIL 3395931205 3396348378 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (EXPAND "Held_For") (("" (TYPEPRED "n!1") (("" (INST 1 "Sample!1(n0!1)") (("1" (BDDSIMP) (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (LEMMA "FILTER_TRUTH3") (("1" (INST -1 "Pf!1" "Sample!1" "n!1-n0!1" "n0!1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (INST -1 "t!1") 
(("1" (INST -7 "n0!1") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "n0!1") (("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample!1" "n0!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (LEMMA "FILTER_TRUTH3") (("2" (INST -1 "Pf!1" "Sample!1" "n!1-n0!1" "n0!1") (("2" (ASSERT) (("2" (BDDSIMP) (("1" (INST -1 "t!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (INST -6 "ne!2") NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample!1" "n0!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -2 "n0!1") (("2" (SKOSIMP) (("2" (TYPEPRED "t!1") (("2" (SKOSIMP) (("2" (INST 1 "n!2") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (FILTER_TRUTH3 FORMULA-DECL NIL |Held_For_TD| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Sample_Compare1| FORMULA-DECL NIL 
|Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|FilteredTickPred| NONEMPTY-TYPE-EQ-DECL NIL |Held_For_TD| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (/= CONST-DECL "boolean" |notequal| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) NIL NIL (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) NIL NIL (|Held_For| CONST-DECL "pred[tick]" |Held_For_TD| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 3322 155 T NIL) (|Held_For_VERIFY2-1| NIL 
3395751112 3395931132 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SPLIT) (("1" (BDDSIMP) (("1" (SKOSIMP) (("1" (EXPAND "Held_For") (("1" (TYPEPRED "n!1") (("1" (INST 1 "Sample!1(n0!1)") (("1" (BDDSIMP) (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" (SKOSIMP) (("1" (LEMMA "FILTER_TRUTH3") (("1" (INST -1 "Pf!1" "Sample!1" "n!1-n0!1" "n0!1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (INST -1 "t!1") (("1" (INST -8 "n0!1") (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "n0!1") (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (INST -7 "ne!1") NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (BDDSIMP) (("2" (LEMMA "FILTER_TRUTH3") (("2" (INST -1 "Pf!1" "Sample!1" "Kmin(d!1) + 1" "-1 - Kmin(d!1) + n!1") (("1" (BDDSIMP) (("1" (EXPAND "Held_For") (("1" (INST 2 "Sample!1(-1 - Kmin(d!1) + n!1)") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (SKOSIMP) (("1" (INST -1 "t!1") (("1" (INST -2 "-1 - Kmin(d!1) + n!1") (("1" (ASSERT) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Interval2") (("2" (INST -1 "Sample!1" "-1 - Kmin(d!1) + n!1" "Kmin(d!1) + 1") (("1" (CASE "(Kmin(d!1) + 1) * (K - TL)>=d!1-delta_L") (("1" (GRIND) NIL NIL) ("2" (HIDE 2 3) (("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 19893 1793 T SHOSTAK)) (|Held_For_VERIFY3| 0 (|Held_For_VERIFY3-2| NIL 3396526321 3396526384 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (INST 1 "n0!1") (("1" (SKOSIMP) (("1" (INST -1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "n!1") (("2" (TYPEPRED "n0!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((NOT CONST-DECL 
"[bool -> bool]" |booleans| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|n!2| SKOLEM-CONST-DECL "{n: nat | n0!1 <= n AND n <= 1 + n!1}" |Held_For_TD| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TD| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TD| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL 
"posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |Held_For_TD| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Sample!1| SKOLEM-CONST-DECL "Sample_Type" |Held_For_TD| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |Held_For_TD| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|d!1| SKOLEM-CONST-DECL "Duration" |Held_For_TD| NIL) (|n0!1| SKOLEM-CONST-DECL "{n0 | Sample!1(n!1) - Sample!1(n0) >= d!1 - delta_L}" |Held_For_TD| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 6193 149 NIL NIL) (|Held_For_VERIFY3-1| NIL 3396280667 3396526315 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (INST 1 "n0!1+1") (("1" (SKOSIMP) (("1" (INST -1 "n!2") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "n!1") (("2" (TYPEPRED "n0!1") (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 5006 44 T SHOSTAK)) (TEST 0 (TEST-1 NIL 3396282586 3396348445 ("" (SKOSIMP) (("" (CASE "ne!1-n0!1 bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL 
"posreal" |Held_For_TC| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TC| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|member| CONST-DECL "bool" |sets| NIL) (|empty?| CONST-DECL "bool" |sets| NIL) (|nonempty?| CONST-DECL "bool" |sets| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 128 110 NIL NIL)) (|duration_TCC1| 0 (|duration_TCC1-1| NIL 3394566027 3396343751 ("" (SUBTYPE-TCC) NIL NIL) UNFINISHED NIL 114 111 NIL NIL)) (|duration_TCC2| 0 (|duration_TCC2-1| NIL 3394566027 3395758120 ("" (SUBTYPE-TCC) NIL NIL) PROVED-INCOMPLETE ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TC| NIL) (|time| 
TYPE-EQ-DECL NIL |Clocks| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TC| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 70 40 NIL NIL)) (|Event_Start_time_TCC1| 0 (|Event_Start_time_TCC1-1| NIL 3394566027 3396343752 ("" (SUBTYPE-TCC) NIL NIL) UNFINISHED NIL 104 103 NIL NIL)) (|Event_Start_time_TCC2| 0 (|Event_Start_time_TCC2-1| NIL 3394566027 3395758120 ("" (SUBTYPE-TCC) NIL NIL) PROVED-INCOMPLETE ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TC| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TC| NIL)) 22 20 NIL NIL)) (|Held_For_TC_TCC1| 0 (|Held_For_TC_TCC1-1| NIL 3394569662 3395758120 ("" (COND-DISJOINT-TCC) NIL NIL) PROVED-INCOMPLETE 
((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TC| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TC| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (|duration| CONST-DECL "time" |Held_For_TC| NIL) (|Decision| CONST-DECL "time" |Held_For_TC| NIL) (|choose| CONST-DECL "(p)" |sets| NIL) (|Event_Start_time| CONST-DECL "time" |Held_For_TC| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT 
"odd_int" |integers| NIL)) 242 190 NIL NIL)) (|Held_For_TC_TCC2| 0 (|Held_For_TC_TCC2-1| NIL 3394569662 3395758120 ("" (COND-COVERAGE-TCC) NIL NIL) PROVED-INCOMPLETE ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TC| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TC| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 146 
130 NIL NIL)) (|Test_choose1| 0 (|Test_choose1-1| NIL 3394566027 3396343752 ("" (GRIND) NIL NIL) PROVED-COMPLETE ((|choose| CONST-DECL "(p)" |sets| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|nonempty_singleton_finite| APPLICATION-JUDGEMENT "non_empty_finite_set" |finite_sets| NIL) (|Duration| TYPE-EQ-DECL NIL |Held_For_TC| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |Held_For_TC| NIL) (< CONST-DECL "bool" |reals| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|delta_R| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (|delta_L| FORMAL-CONST-DECL "time" |Held_For_TC| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |Held_For_TC| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 47 47 T SHOSTAK)) (|test01| 0 (|test01-2| NIL 3394569738 3396343752 ("" (SKOSIMP) (("" (ASSERT) (("" (EXPAND "Decision") 
(("" (ASSERT) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) PROVED-COMPLETE ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Decision| CONST-DECL "time" |Held_For_TC| NIL)) 12 12 T NIL) (|test01-1| NIL 3394569691 3394569696 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 552 146 T SHOSTAK)) (|sup_lemma1_TCC1| 0 (|sup_lemma1_TCC1-1| NIL 3394570854 3396343754 ("" (SUBTYPE-TCC) NIL NIL) UNFINISHED NIL 176 174 NIL NIL)) (|sup_lemma1| 0 (|sup_lemma1-1| NIL 3394570854 3396343754 ("" (SKOSIMP) (("" (GRIND) (("" (EXPAND "diffBelow") (("" (ASSERT) (("" (GRIND) (("" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 38 38 NIL SHOSTAK)) (|test11| 0 (|test11-1| NIL 3394569768 3396343755 ("" (SKOSIMP) (("" (ASSERT) (("" (GRIND) (("" (EXPAND "duration") (("" (LIFT-IF) (("" (BDDSIMP) (("1" (LEMMA "test01") (("1" (INST -1 "d!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (LEMMA "test01") (("2" (INST -1 "d!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (GRIND) (("3" (EXPAND "duration") (("3" (LIFT-IF) (("3" (ASSERT) (("3" (GRIND) (("1" (LEMMA "sup_def") (("1" (INST -1 "diffBelow(P!1)(sup(diffBelow(P!1)(t!1)))" "sup(diffBelow(P!1)(t!1))") (("1" (BDDSIMP) (("1" (ASSERT) (("1" (BDDSIMP) (("1" (INST -3 "t!1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (ASSERT) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (TYPEPRED "z!1") (("2" (EXPAND "diffBelow" -2) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 80 79 T SHOSTAK)) (|test21| 0 (|test21-1| NIL 3394571441 3396343755 ("" (POSTPONE) NIL NIL) UNFINISHED NIL 7 6 T SHOSTAK))) $$$TimerGeneral.pvs TimerGeneral [K:posreal, 
(IMPORTING Clocks[K]) TL,TR:{t:time|tdelta_L AND du>delta_R AND du-delta_L>K+TR}
% NOTE(review): the line above is damaged. The text between "t:time|t" and
% "delta_L AND du>..." is missing, so the rest of the formal parameter list,
% the THEORY/BEGIN keywords, any further IMPORTING clauses and the
% declarations of P, Sample and previous are not visible here. The proof
% file that accompanies this theory lists K, TL, TR, delta_t, delta_L and
% delta_R as formal constants of TimerGeneral. The surviving tail
% "du>delta_R AND du-delta_L>K+TR}" is presumably the end of the Duration
% subtype used below -- confirm against the original .pvs file before
% typechecking or relying on any result stated here.

% Variables used by the definitions and lemmas below.
timeout : var Duration
TimeOut: var nonneg_real
CurrentP:var bool
ne,n0,n:var nat
step: var tick

% TimerUpdate: one update step of the timer value.
%   CurrentP - whether the monitored condition holds at the current sample
%   TimeOut  - value that `previous` is compared with in the column header
%   previous - timer value carried over from the previous sample
%   step     - amount added when the timer advances
% Rows: when CurrentP holds, the result is previous+step in the first column
% and previous (unchanged) in the second; when CurrentP does not hold, the
% result is 0 in both columns, i.e. the timer is reset.
% NOTE(review): the column header carries a single condition for a
% two-column table, so it appears truncated; presumably it read
% "previous<TimeOut | previous>=TimeOut" (advance until the timeout is
% reached, then hold) -- confirm against the original file.
TimerUpdate(CurrentP,TimeOut,previous,step):tick= TABLE
%------------------------------------%
|[previous=TimeOut]|
%----------------------------------------------------%
|CurrentP |previous+step |previous ||
%----------------------------------------------------%
|NOT CurrentP |0 |0 ||
%----------------------------------------------------%
ENDTABLE

% Timer: timer value at sample index ne, defined by recursion on ne
% (termination measure: ne).
%   ne=0                            : update from previous=0 with step 0.
%   ne>0 and P held at sample ne-1  : step is the elapsed time
%                                     Sample(ne)-Sample(ne-1).
%   ne>0 and P did not hold at ne-1 : step is 0, so no time is credited for
%                                     the interval that just ended.
% In every row the current condition P(Sample(ne)) is passed as CurrentP, so
% by TimerUpdate's NOT CurrentP row the value is 0 whenever P is false at
% the current sample.
Timer(P,Sample,TimeOut)(ne):RECURSIVE tick= TABLE
|ne=0 |TimerUpdate(P(Sample(ne)),TimeOut,0,0) ||
|ne>0 AND P(Sample(ne-1)) |TimerUpdate(P(Sample(ne)),TimeOut,Timer(P,Sample,TimeOut)(ne-1),Sample(ne)-Sample(ne-1)) ||
|ne>0 AND NOT P(Sample(ne-1)) |TimerUpdate(P(Sample(ne)),TimeOut,Timer(P,Sample,TimeOut)(ne-1),0) ||
ENDTABLE
MEASURE ne

% Superseded definition, kept by the author for reference. It only
% distinguishes ne=0 from ne/=0 and always credits the full interval
% Sample(ne)-Sample(ne-1), without checking whether P held at sample ne-1.
%Timer Wrong Version
%Timer(P,Sample,timeout)(ne):RECURSIVE clock= TABLE
%--------------------------------------------------------------------------------%
%|[ne=0 | NOT ne=0 ]|
%--------------------------------------------------------------------------------%
%|TimerUpdate(P(Sample(ne)),timeout,0,0) | TimerUpdate(P(Sample(ne)),timeout,Timer(P,Sample,timeout)(ne-1),Sample(ne)-Sample(ne-1))||
%--------------------------------------------------------------------------------%
%ENDTABLE
%MEASURE rank(ne)

% Timer_Lemma2: a strictly positive timer value implies that P holds at the
% current sample.
Timer_Lemma2: lemma
Timer(P,Sample,TimeOut)(ne)>0 IMPLIES P(Sample(ne))

% Timer_Lemma3: the timer value is never negative.
Timer_Lemma3: lemma
Timer(P,Sample,timeout)(ne)>=0
%Timer_Lemma3: lemma
%Timer(P,timeout)(t)>=timeout IMPLIES t>=0

% Timer_Lemma4: if the timer (run with timeout - delta_L) is 0 at sample ne,
% then n samples later it is at most the time elapsed since sample ne.
% The %-lines around the formula are earlier formulations left commented out.
Timer_Lemma4: lemma
%t >= floor((t_h - timeout) / K) * K & t <= t_h AND P(t) AND NOT init(t) AND Timer(P,timeout)(pre(t))>=timeout-(t_h-t) IMPLIES t>=timeout-(t_h-t)
Timer(P, Sample, timeout - delta_L)(ne)=0 IMPLIES Timer(P, Sample, timeout - delta_L)(ne+n)<=Sample(ne+n) - Sample(ne)
%n<=ne AND Timer(P, Sample, timeout - delta_L)(ne-n)>0 IMPLIES Sample(ne-n) - Sample(ne) - delta_L + timeout >= 0

% Timer_Lemma6: the formula follows on the next line of the file.
Timer_Lemma6: lemma
Sample(n0+n)-Sample(n0)>0 IMPLIES
Timer(P,Sample,TimeOut)(n0+n)>=Sample(n0+n)-Sample(n0) IMPLIES
FORALL(ne:nat|n0<=ne AND ne<=n+n0):P(Sample(ne))
% (The formula above is the body of Timer_Lemma6, whose name is on the
% preceding line of the file: if a positive amount of time elapsed between
% samples n0 and n0+n and the timer at n0+n is at least that elapsed time,
% then P held at every sample from n0 to n0+n inclusive.)

% Timer_Lemma7: the timer value at sample n never exceeds the time elapsed
% since the first sample.
Timer_Lemma7: lemma
Timer(P,Sample,TimeOut)(n)<=Sample(n)-Sample(0)

% NOTE(review): Held_For_I is not defined in the visible text of this
% theory; the theorems below relate it to Timer run with the shortened
% timeout (timeout - delta_L). The proof status of each formula is recorded
% in TimerGeneral.prf. Other theories in this dump carry UNFINISHED proofs
% that end in (POSTPONE), so confirm that these theorems and the lemmas they
% use are recorded as proved before relying on the equivalence.

% TimerGeneral1: requirement implies implementation -- whenever Held_For_I
% holds at sample n, the timer has reached timeout - delta_L.
TimerGeneral1: THEOREM
Held_For_I(P,timeout,Sample)(n) IMPLIES Timer(P,Sample,timeout-delta_L)(n)>=timeout-delta_L
%FORALL(t|NOT init(t)): Held_For(P,timeout)(t) IMPLIES P(t) AND Timer(P,timeout)(pre(t))>=timeout

% TimerGeneral2: the converse direction -- the timer reaching
% timeout - delta_L implies Held_For_I at sample n.
TimerGeneral2: THEOREM
Timer(P,Sample,timeout-delta_L)(n)>=timeout-delta_L IMPLIES Held_For_I(P,timeout,Sample)(n)

% TimerGeneral: the two directions combined into an equivalence.
TimerGeneral: THEOREM
Held_For_I(P,timeout,Sample)(n) IFF Timer(P,Sample,timeout-delta_L)(n)>=timeout-delta_L
%(IF init(t) THEN FALSE ELSE P(t) AND Timer(P,timeout)(pre(t))>=timeout ENDIF )= Held_For(P,timeout)(t)

% Timer_Eqv: one-step form -- the timer reaches the threshold at sample n+1
% exactly when the value at sample n plus the elapsed interval reaches it
% and P holds at sample n+1.
Timer_Eqv: THEOREM
Timer(P,Sample,timeout-delta_L)(n+1)>=timeout-delta_L IFF (Timer(P,Sample,timeout-delta_L)(n)+Sample(n+1)-Sample(n)>=timeout-delta_L AND P(Sample(n+1)))

% Timer_General: Held_For_I at sample n+1 stated in the same one-step form,
% i.e. in terms of the stored timer value from sample n.
Timer_General: THEOREM
Held_For_I(P,timeout,Sample)(n+1) IFF
Timer(P,Sample,timeout-delta_L)(n)+Sample(n+1)-Sample(n)>=timeout-delta_L AND P(Sample(n+1))

END TimerGeneral

$$$TimerGeneral.prf
(|TimerGeneral| (|TimerUpdate_TCC1| 0 (|TimerUpdate_TCC1-1| NIL 3396922214 3403455045 ("" (SKOSIMP) (("" (TYPEPRED "previous!1") (("" (TYPEPRED "step!1") (("" (SKOSIMP) (("" (SKOSIMP) (("" (INST 1 "n!1+n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| 
NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 91 90 T NIL)) (|TimerUpdate_TCC2| 0 (|TimerUpdate_TCC2-1| NIL 3396922214 3403455045 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| 
NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 33 32 NIL NIL)) (|TimerUpdate_TCC3| 0 (|TimerUpdate_TCC3-1| NIL 3396922214 3403455046 ("" (COND-DISJOINT-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL 
|integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 108 107 NIL NIL)) (|TimerUpdate_TCC4| 0 (|TimerUpdate_TCC4-1| NIL 3396922214 3403455046 ("" (SKOSIMP) (("" (INST 2 "0") (("" (ASSERT) NIL NIL)) NIL)) NIL) PROVED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| 
NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL)) 6 7 T NIL)) (|TimerUpdate_TCC5| 0 (|TimerUpdate_TCC5-1| NIL 3396922214 3403455047 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) 
(|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 43 42 NIL NIL)) (|TimerUpdate_TCC6| 0 (|TimerUpdate_TCC6-1| NIL 3396922214 3403455047 ("" (COND-COVERAGE-TCC) NIL NIL) PROVED ((|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 5 4 NIL NIL)) (|Timer_TCC1| 0 (|Timer_TCC1-1| NIL 3396922214 
3403455047 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* 
CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 22 22 T NIL)) (|Timer_TCC2| 0 (|Timer_TCC2-1| NIL 3396922214 3403455047 ("" (SKOSIMP) (("" (INST 1 "0") (("" (GRIND) NIL NIL)) NIL)) NIL) PROVED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 6 6 T NIL)) (|Timer_TCC3| 0 (|Timer_TCC3-1| NIL 3396922214 3403455047 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" 
|number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 7 8 NIL NIL)) (|Timer_TCC4| 0 (|Timer_TCC4-1| NIL 3396922214 3403455047 ("" (ASSERT) (("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1-1") (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" 
(ASSERT) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|ne!1| SKOLEM-CONST-DECL "nat" |TimerGeneral| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) 
(|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 20 19 T NIL)) (|Timer_TCC5| 0 (|Timer_TCC5-1| NIL 3396922214 3403455048 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!1") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) 
(TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 25 24 T NIL)) (|Timer_TCC6| 0 (|Timer_TCC6-1| NIL 3396922214 3403455048 ("" (SUBTYPE-TCC) NIL NIL) PROVED NIL 3 3 NIL NIL)) (|Timer_TCC7| 0 (|Timer_TCC7-1| NIL 3396922214 3403455050 ("" (SKOSIMP) (("" (SPLIT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "ne!1-1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (TYPEPRED "Sample!1") (("2" (INST -2 "ne!1-1") (("1" (INST -4 "ne!1") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (TYPEPRED "t!1") (("1" (TYPEPRED "t!2") (("1" (SKOSIMP) (("1" (SKOSIMP) (("1" (INST 1 "n!1-n!2") (("1" (GRIND) NIL NIL) ("2" (INST -5 "ne!1-1") (("1" (CASE "n!1 * delta_t-n!2 * delta_t>=0") (("1" (BOTH-SIDES "*" "delta_t" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) 
NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|ne!1| SKOLEM-CONST-DECL "nat" |TimerGeneral| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| 
NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|pos_times_ge| FORMULA-DECL NIL |real_props| NIL) (|zero_times1| FORMULA-DECL NIL |real_props| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|n!1| SKOLEM-CONST-DECL "nat" |TimerGeneral| NIL) (|n!2| SKOLEM-CONST-DECL "nat" |TimerGeneral| NIL)) 189 187 T NIL)) (|Timer_TCC8| 0 (|Timer_TCC8-1| NIL 3396922214 3403455050 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 2 "n!1") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| 
NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 29 28 T NIL)) (|Timer_TCC9| 
0 (|Timer_TCC9-1| NIL 3396922214 3403455050 ("" (SUBTYPE-TCC) NIL NIL) PROVED NIL 3 3 NIL NIL)) (|Timer_TCC10| 0 (|Timer_TCC10-1| NIL 3396922214 3403455050 ("" (SKOSIMP) (("" (INST 2 "0") (("" (GRIND) NIL NIL)) NIL)) NIL) PROVED ((|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL)) 18 18 T NIL)) (|Timer_TCC11| 0 (|Timer_TCC11-1| NIL 3396922214 3403455051 ("" (COND-DISJOINT-TCC) NIL NIL) PROVED ((|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|odd_plus_even_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|odd_minus_odd_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|even_minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" 
|integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| 
NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 50 50 NIL NIL)) (|Timer_TCC12| 0 (|Timer_TCC12-1| NIL 3396932999 3403455051 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) 
(|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 20 19 NIL NIL)) (|Timer_Lemma2_TCC1| 0 (|Timer_Lemma2_TCC1-1| NIL 3396922214 3403455051 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!1") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" 
|reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 24 24 T NIL)) (|Timer_Lemma2| 0 (|Timer_Lemma2-1| NIL 3396922215 3397397659 ("" (SKOSIMP) (("" (EXPAND "Timer") (("" (LIFT-IF) (("" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) NIL NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (ASSERT) NIL NIL)) NIL) ("3" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL)) 34 34 T SHOSTAK)) (|Timer_Lemma3| 0 (|Timer_Lemma3-1| NIL 3396936695 3397397659 ("" (SKOSIMP) (("" (GRIND) NIL NIL)) NIL) UNCHECKED ((|real_ge_is_total_order| 
NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL)) 6 7 T SHOSTAK)) (|Timer_Lemma4_TCC1| 0 (|Timer_Lemma4_TCC1-1| NIL 3397099128 3403455051 ("" (SUBTYPE-TCC) NIL NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL)) 3 3 NIL NIL)) (|Timer_Lemma4| 0 (|Timer_Lemma4-2| "" 3397099826 3397397662 ("" (INDUCT "n") (("1" (SKOSIMP) (("1" (GRIND) NIL NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST -1 "P!1" "Sample!1" "ne!1" "timeout!1") (("2" (BDDSIMP) (("2" (EXPAND "Timer" 1) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "j!1+ne!1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "Sample_Compare") (("3" (INST -1 "Sample!1" "ne!1" "1+j!1+ne!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (ASSERT) (("2" (LIFT-IF) (("2" (ASSERT) (("2" (BDDSIMP) (("1" (EXPAND "Timer" 2) (("1" (GRIND) (("1" (LEMMA "Sample_Compare") (("1" (INST -1 "Sample!1" "ne!1" "1+j!1+ne!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "ne!1" "1+j!1+ne!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) 
(|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| 
NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 216 216 T SHOSTAK) (|Timer_Lemma4-1| NIL 3397099128 3397099475 ("" (INDUCT "n") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST -1 "P!1" "Sample!1" "ne!1" "timeout!1") (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 34716 236 T SHOSTAK)) (|Timer_Lemma6_TCC1| 0 (|Timer_Lemma6_TCC1-1| NIL 3397344400 3403455051 ("" (SKOSIMP) (("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "ne!1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> 
numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL)) 42 42 T NIL)) (|Timer_Lemma6| 0 (|Timer_Lemma6-1| NIL 3397344400 3397397668 ("" (INDUCT "n") (("1" (GRIND) NIL NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST -1 "P!1" "Sample!1" 
"TimeOut!1" "n0!1") (("2" (BDDSIMP) (("1" (SKOSIMP) (("1" (TYPEPRED "ne!1") (("1" (CASE "ne!1<=j!1+n0!1 OR ne!1=1+j!1+n0!1") (("1" (SPLIT) (("1" (ASSERT) (("1" (INST -4 "ne!1") NIL NIL)) NIL) ("2" (LEMMA "Timer_Lemma2") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (CASE "Timer(P!1, Sample!1, TimeOut!1)(n0!1 + j!1) =Sample!1(j!1 + n0!1)") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "j!1+n0!1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "Sample_Compare") (("3" (INST -1 "Sample!1" "n0!1" "1+j!1+n0!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (LIFT-IF) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL) ("3" (TYPEPRED "j!1") (("3" (CASE "j!1>0 OR j!1=0") (("1" (SPLIT) (("1" (LEMMA "Sample_Interval2") (("1" (INST?) (("1" (LEMMA "posreal_mult_closed") (("1" (INST -1 "j!1" "K-TL") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (REPLACE -1 * LR) (("2" (ASSERT) (("2" (CASE "P!1(Sample!1(n0!1+1))") (("1" (LEMMA "Timer_Lemma2") (("1" (CASE "P!1(Sample!1(n0!1))") (("1" (REPLACE -4 * RL) (("1" (REPLACE -4 * LR) (("1" (SKOSIMP) (("1" (TYPEPRED "ne!1") (("1" (CASE "ne!1=n0!1 OR ne!1=n0!1+1") (("1" (SPLIT) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -1) (("2" (EXPAND "Timer") (("2" (LIFT-IF) (("2" (BDDSIMP) (("2" (EXPAND "TimerUpdate") (("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n0!1") (("2" (LEMMA "Timer_Lemma2") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (TYPEPRED "Sample!1") (("3" (INST -2 "n0!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!1") (("3" (SKOSIMP) (("3" (INST 1 "n!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (LEMMA "Timer_Lemma2") (("2" (INST?) 
(("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (TYPEPRED "Sample!1") (("3" (INST -2 "1+n0!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!1") (("3" (SKOSIMP) (("3" (INST 1 "n!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (SKOSIMP) (("3" (SKOSIMP) (("3" (SKOSIMP) (("3" (TYPEPRED "Sample!1") (("3" (INST -2 "ne!1") (("3" (SKOSIMP) (("3" (TYPEPRED "t!1") (("3" (SKOSIMP) (("3" (INST 1 "n!3") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posreal_mult_closed| FORMULA-DECL NIL |real_axioms| NIL) (|Sample_Interval2| FORMULA-DECL NIL |Held_For_T| NIL) (|even_plus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Timer_Lemma2| FORMULA-DECL NIL |TimerGeneral| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (NOT CONST-DECL "[bool -> 
bool]" |booleans| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL 
"time" |TimerGeneral| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL)) 427 427 T SHOSTAK)) (|Timer_Lemma7| 0 (|Timer_Lemma7-1| NIL 3397397239 3397397669 ("" (INDUCT "n") (("1" (SKOSIMP) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (SKOSIMP) (("2" (INST?) (("2" (EXPAND "Timer" 1) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "j!1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("3" (LEMMA "Sample_Compare") (("3" (INST -1 "Sample!1" "0" "1+j!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (ASSERT) (("2" (GRIND) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "j!1") (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "0" "1+j!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| 
NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|even_plus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|nnint_plus_nnint_is_nnint| APPLICATION-JUDGEMENT "nonneg_int" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nat_induction| FORMULA-DECL NIL |naturalnumbers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) 
(|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL)) 140 140 T SHOSTAK)) (|TimerGeneral1| 0 (|TimerGeneral1-10| "" 3396933241 3397397672 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL) ("2" (TYPEPRED "n0!1") (("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample!1" "n0!1" "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (SKOSIMP) (("4" (BDDSIMP) (("1" (ASSERT) (("1" (EXPAND "Timer" 1) (("1" (INST -4 "j!1") (("1" (ASSERT) (("1" (EXPAND "TimerUpdate") (("1" (REVEAL -1) (("1" (INST -1 "1+j!1") (("1" (ASSERT) (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL) ("2" (CASE "Sample!1(1 + j!1) <= Sample!1(n!1)") (("1" (ASSERT) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "1+j!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL) ("3" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1 + 1)>= Sample!1(j!1+1)-Sample!1(j!1)") (("1" (CASE "j!1=n0!1") (("1" (REPLACE -1 * LR) (("1" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (CASE "j!1=n0!1") (("1" (HIDE -2 -3 2 3) (("1" (EXPAND 
"Timer") (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (LIFT-IF) (("1" (INST -3 "1+j!1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (LEMMA "Timer_Lemma3") (("1" (INST?) (("1" (ASSERT) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1) >= timeout!1 - delta_L") (("1" (HIDE 1) (("1" (TYPEPRED "timeout!1") (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "j!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (HIDE 2) (("2" (GRIND) (("2" (TYPEPRED "n0!1") (("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample!1" "n0!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (INST -2 "j!1") (("2" (ASSERT) (("2" (TYPEPRED "j!1") (("2" (TYPEPRED "n0!1") (("2" (LEMMA "Sample_Compare1") (("2" (INST -1 "Sample!1" "n0!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, 
bool -> bool]" |booleans| NIL) (> CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|Sample_Compare1| FORMULA-DECL NIL |Held_For_TD| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|minus_even_is_even| APPLICATION-JUDGEMENT "even_int" |integers| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) NIL NIL NIL NIL (|pred| TYPE-EQ-DECL NIL |defined_types| NIL) (IMPLIES CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat_induction| FORMULA-DECL NIL 
|naturalnumbers| NIL) (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|Sample_Compare| FORMULA-DECL NIL |Held_For_TD| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|Timer_Lemma3| FORMULA-DECL NIL |TimerGeneral| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|minus_nzint_is_nzint| APPLICATION-JUDGEMENT "nzint" |integers| NIL) NIL (|real_times_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL)) 345 346 T NIL) (|TimerGeneral1-9| "" 3396933200 3396933234 (";;; Proof TimerGeneral1-8 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-8 for formula TimerGeneral.TimerGeneral1" (EXPAND "Held_For_I") ((";;; Proof TimerGeneral1-8 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-8 for formula TimerGeneral.TimerGeneral1" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n))") (("1" (POSTPONE) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (GRIND) NIL) ("4" (GRIND) (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL) ("3" (POSTPONE) NIL) ("4" (POSTPONE) NIL) ("5" (POSTPONE) NIL) ("6" (POSTPONE) NIL))) ("5" (GRIND) (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL) ("3" (POSTPONE) NIL) ("4" (POSTPONE) NIL))))))) ("3" (SKOSIMP) (("3" (POSTPONE) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 77 1 T NIL) (|TimerGeneral1-8| "" 3396933189 3396933196 
("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n))") (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (POSTPONE) NIL NIL)) NIL) ("5" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 76 1 T SHOSTAK) (|TimerGeneral1-7| NIL 3396933134 NIL ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (GRIND) NIL) ("4" (GRIND) NIL) ("5" (GRIND) NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL))) ("4" (GRIND) NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL))))))) ("2" (GRIND) NIL))) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL))))))) ("7" (SKOSIMP) (("7" (POSTPONE) NIL))) ("8" (GRIND) (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL))) ("9" (POSTPONE) NIL))))) ("3" (SKOSIMP) (("3" (POSTPONE) NIL))) ("4" (POSTPONE) NIL)))))))) NIL) UNCHECKED NIL NIL NIL NIL NIL) (|TimerGeneral1-6| NIL 3396933011 3396933086 (";;; Proof TimerGeneral1-5 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-5 for formula TimerGeneral.TimerGeneral1" (EXPAND "Held_For_I") ((";;; Proof 
TimerGeneral1-5 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-5 for formula TimerGeneral.TimerGeneral1" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n - 1)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (GRIND) NIL) ("4" (GRIND) NIL) ("5" (GRIND) NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL))) ("4" (GRIND) NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL))))))) ("2" (GRIND) NIL))) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL))))))) ("7" (SKOSIMP) (("7" (POSTPONE) NIL))) ("8" (GRIND) (("1" (POSTPONE) NIL) ("2" (POSTPONE) NIL))) ("9" (POSTPONE) NIL))))) ("3" (SKOSIMP) (("3" (POSTPONE) NIL))) ("4" (POSTPONE) NIL)))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 7418 410 T NIL) (|TimerGeneral1-5| NIL 3396928884 3396928947 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delta_L)(n - 1)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL) ("5" (GRIND) NIL NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL NIL)) NIL) ("4" (GRIND) NIL NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) 
NIL) ("2" (GRIND) NIL NIL)) NIL) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("7" (SKOSIMP) (("7" (POSTPONE) NIL NIL)) NIL) ("8" (GRIND) (("1" (POSTPONE) NIL NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("9" (POSTPONE) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 6282 295 NIL NIL) (|TimerGeneral1-4| NIL 3396928853 3396928860 (";;; Proof TimerGeneral1-3 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-3 for formula TimerGeneral.TimerGeneral1" (EXPAND "Held_For_I") ((";;; Proof TimerGeneral1-3 for formula TimerGeneral.TimerGeneral1" (SKOSIMP) ((";;; Proof TimerGeneral1-3 for formula TimerGeneral.TimerGeneral1" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1-delat_L)(n - 1)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL) ("2" (GRIND) NIL) ("3" (GRIND) NIL) ("4" (GRIND) NIL) ("5" (GRIND) NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL))) ("2" (POSTPONE) NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL))) ("4" (GRIND) NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL))))))) ("2" (GRIND) NIL))) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL))))))) ("7" (SKOSIMP) (("7" (POSTPONE) NIL))) ("8" (GRIND) NIL))))) ("3" (SKOSIMP) (("3" (POSTPONE) NIL)))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 710 23 T NIL) (|TimerGeneral1-3| NIL 3396928815 3396928846 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1)(n - 1)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) 
("2" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL) ("5" (GRIND) NIL NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL NIL)) NIL) ("4" (GRIND) NIL NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("7" (SKOSIMP) (("7" (POSTPONE) NIL NIL)) NIL) ("8" (GRIND) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 2916 262 NIL NIL) (|TimerGeneral1-2| NIL 3396927928 3396928680 ("" (SKOSIMP) (("" (EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1)(n - 1)>=timeout!1-delta_L-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL) ("5" (GRIND) NIL NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL NIL)) NIL) ("4" (GRIND) NIL NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("7" (SKOSIMP) (("7" (POSTPONE) NIL NIL)) NIL) ("8" (GRIND) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 6466 401 T NIL) (|TimerGeneral1-1| NIL 3396925934 3396927903 ("" (SKOSIMP) (("" 
(EXPAND "Held_For_I") (("" (SKOSIMP) (("" (CASE "FORALL (n: nat | n > n0!1 & n <= n!1 ):Timer(P!1, Sample!1, timeout!1)(n - 1)>=timeout!1-(Sample!1(n!1)-Sample!1(n)) AND P!1(Sample!1(n))") (("1" (INST -1 "n!1") (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n" 1) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (GRIND) NIL NIL) ("5" (GRIND) NIL NIL) ("6" (SKOSIMP) (("6" (BDDSIMP) (("1" (INST -5 "j!1+1") (("1" (GRIND) NIL NIL)) NIL) ("2" (POSTPONE) NIL NIL) ("3" (INST -3 "j!1+1") (("3" (GRIND) NIL NIL)) NIL) ("4" (GRIND) NIL NIL) ("5" (CASE "j!1>n0!1 OR j!1=n0!1") (("1" (SPLIT) (("1" (PROPAX) NIL NIL) ("2" (REPLACE -1 * LR) (("2" (INST -4 "n0!1+1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("6" (TYPEPRED "n0!1") (("6" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("7" (SKOSIMP) (("7" (POSTPONE) NIL NIL)) NIL) ("8" (GRIND) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 67423 717 T SHOSTAK)) (|TimerGeneral2| 0 (|TimerGeneral2-16| NIL 3397397154 3397397675 ("" (SKOSIMP) (("" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_3") (("1" (INST?) (("1" (INST -1 "Sample!1(n!1)-timeout!1+delta_L") (("1" (SKOSIMP) (("1" (LEMMA "Timer_Lemma6") (("1" (INST?) 
(("1" (INST -1 "n!1-n!2-1" "n!2+1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "n!2") (("1" (SKOSIMP) (("1" (TYPEPRED "n!3") (("1" (CASE "n!3=n!2 OR n!3>=n!2+1") (("1" (SPLIT) (("1" (LEMMA "Timer_Lemma4") (("1" (INST -1 "P!1" "Sample!1" "n!1-n!2-1" "n!2+1" "timeout!1") (("1" (ASSERT) (("1" (HIDE -8) (("1" (EXPAND "Timer") (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (GRIND) (("1" (EXPAND "Timer") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (INST -4 "n!3") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(n!1)>=Sample!1(n!2+1)") (("1" (ASSERT) (("1" (LEMMA "Sample_Compare1") (("1" (INST -1 "Sample!1" "n!2+1" "n!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (LEMMA "Timer_Lemma7") (("2" (INST?) 
(("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNCHECKED ((|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (OR CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (>= CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" 
|number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|Timer_Lemma7| FORMULA-DECL NIL |TimerGeneral| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|TClock_3| FORMULA-DECL NIL |Held_For_T| NIL) NIL NIL NIL (|real_plus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Timer_Lemma6| FORMULA-DECL NIL |TimerGeneral| NIL) NIL (- CONST-DECL "[numfield -> numfield]" |number_fields| NIL) (|int_minus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|Timer_Lemma4| FORMULA-DECL NIL |TimerGeneral| NIL) NIL (|Held_For_I| CONST-DECL "bool" |Held_For_TD| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|int_plus_int_is_int| APPLICATION-JUDGEMENT "int" |integers| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Compare1| FORMULA-DECL NIL |Held_For_TD| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL)) 263 264 T NIL) (|TimerGeneral2-15| NIL 3397358386 NIL ("" (SKOSIMP) (("" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_2") (("1" (INST?) 
(("1" (INST -1 "Sample!1(n!1)-timeout!1+delta_L") (("1" (SKOSIMP) (("1" (LEMMA "Timer_Lemma6") (("1" (INST?) (("1" (INST -1 "n!1-n!2-1" "n!2+1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "n!2") (("1" (SKOSIMP) (("1" (TYPEPRED "n!3") (("1" (CASE "n!3=n!2 OR n!3>=n!2+1") (("1" (SPLIT) (("1" (LEMMA "Timer_Lemma4") (("1" (INST -1 "P!1" "Sample!1" "n!1-n!2-1" "n!2+1" "timeout!1") (("1" (ASSERT) (("1" (HIDE -8) (("1" (EXPAND "Timer") (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (GRIND) (("1" (EXPAND "Timer") (("1" (ASSERT) NIL))))))))))))))) ("2" (ASSERT) NIL))))) ("2" (INST -4 "n!3") (("2" (ASSERT) NIL))))) ("2" (ASSERT) (("2" (GRIND) NIL))))))))))))) ("2" (TYPEPRED "n!2") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL))))))))))))) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(n!1)>=Sample!1(n!2+1)") (("1" (ASSERT) (("1" (LEMMA "Sample_Compare1") (("1" (INST -1 "Sample!1" "n!2+1" "n!1") (("1" (ASSERT) NIL))))))) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL))))))))))))))))))) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) (("2" (CASE "Sample!1(n!1) - timeout!1 + delta_L <=Tmax") (("1" (HIDE 1) (("1" (POSTPONE) NIL))) ("2" (ASSERT) NIL))))))))))))))))) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (POSTPONE) NIL))))))) ("2" (GRIND) NIL)))) NIL) UNFINISHED NIL NIL NIL NIL NIL) (|TimerGeneral2-14| NIL 3397358303 3397358373 (";;; Proof TimerGeneral2-13 for formula TimerGeneral.TimerGeneral2" (SKOSIMP) ((";;; Proof TimerGeneral2-13 for formula TimerGeneral.TimerGeneral2" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_3") (("1" (INST?) (("1" (INST -1 "Sample!1(n!1)-timeout!1+delta_L") (("1" (SKOSIMP) (("1" (LEMMA "Timer_Lemma6") (("1" (INST?) 
(("1" (INST -1 "n!1-n!2-1" "n!2+1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "n!2") (("1" (SKOSIMP) (("1" (TYPEPRED "n!3") (("1" (CASE "n!3=n!2 OR n!3>=n!2+1") (("1" (SPLIT) (("1" (LEMMA "Timer_Lemma4") (("1" (INST -1 "P!1" "Sample!1" "n!1-n!2-1" "n!2+1" "timeout!1") (("1" (ASSERT) (("1" (HIDE -8) (("1" (EXPAND "Timer") (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (GRIND) (("1" (EXPAND "Timer") (("1" (ASSERT) NIL))))))))))))))) ("2" (ASSERT) NIL))))) ("2" (INST -4 "n!3") (("2" (ASSERT) NIL))))) ("2" (ASSERT) (("2" (GRIND) NIL))))))))))))) ("2" (TYPEPRED "n!2") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL))))))))))))) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(n!1)>=Sample!1(n!2+1)") (("1" (ASSERT) (("1" (LEMMA "Sample_Compare1") (("1" (INST -1 "Sample!1" "n!2+1" "n!1") (("1" (ASSERT) NIL))))))) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL))))))))))))))))))) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) (("2" (CASE "Sample!1(n!1) - timeout!1 + delta_L <=Tmax") (("1" (HIDE 1) (("1" (POSTPONE) NIL))) ("2" (ASSERT) NIL))))))))))))))))) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (POSTPONE) NIL))))))) ("2" (GRIND) NIL)))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 6964 6709 NIL NIL) (|TimerGeneral2-13| NIL 3397352620 3397358133 ("" (SKOSIMP) (("" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_1") (("1" (INST?) (("1" (INST -1 "Sample!1(n!1)-timeout!1+delta_L") (("1" (SKOSIMP) (("1" (LEMMA "Timer_Lemma6") (("1" (INST?) 
(("1" (INST -1 "n!1-n!2-1" "n!2+1") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "n!2") (("1" (SKOSIMP) (("1" (TYPEPRED "n!3") (("1" (CASE "n!3=n!2 OR n!3>=n!2+1") (("1" (SPLIT) (("1" (LEMMA "Timer_Lemma4") (("1" (INST -1 "P!1" "Sample!1" "n!1-n!2-1" "n!2+1" "timeout!1") (("1" (ASSERT) (("1" (HIDE -8) (("1" (EXPAND "Timer") (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) (("1" (GRIND) (("1" (EXPAND "Timer") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (INST -4 "n!3") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "n!2") (("2" (CASE "Sample!1(n!1)>=Sample!1(n!2+1)") (("1" (ASSERT) (("1" (LEMMA "Sample_Compare1") (("1" (INST -1 "Sample!1" "n!2+1" "n!1") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!2") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "0") (("2" (ASSERT) (("2" (CASE "Sample!1(n!1) - timeout!1 + delta_L <=Tmax") (("1" (HIDE 1) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNFINISHED NIL 76384 995 T NIL) (|TimerGeneral2-12| NIL 3397352247 3397352610 ("" (SKOSIMP) (("" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_2") (("1" (POSTPONE) NIL NIL)) NIL) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNFINISHED NIL 36266 84 T NIL) (|TimerGeneral2-11| NIL 3397098531 3397352241 ("" 
(SKOSIMP) (("" (CASE "Sample!1(n!1)- Sample!1(0)>= timeout!1-delta_L OR Sample!1(n!1)- Sample!1(0)< timeout!1-delta_L") (("1" (SPLIT) (("1" (LEMMA "TClock_2") (("1" (INST -1 "Sample!1" "Sample!1(n!1) - timeout!1 - delta_L") (("1" (SKOSIMP) (("1" (POSTPONE) NIL NIL)) NIL) ("2" (SPLIT) (("1" (ASSERT) (("1" (TYPEPRED "Sample!1") (("1" (INST -1 "0") (("1" (ASSERT) (("1" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Held_For_I") (("2" (HIDE 1) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) UNFINISHED NIL 4279 100 T NIL) (|TimerGeneral2-10| NIL 3397098061 3397098502 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1-(Sample!1(n!1)-Sample!1(n)), Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1)=Sample!1(jt!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "jt!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate" -3) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "Timer" -4) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1) = 0") (("1" (HIDE 1) (("1" (CASE "P!1(Sample!1(jt!1)) OR NOT P!1(Sample!1(jt!1))") (("1" (SPLIT) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "jt!1") (("1" (CASE "P!1(Sample!1(jt!1+1))") (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "Timer_Lemma2") 
(("2" (INST -1 "P!1" "Sample!1" "timeout!1-delta_L" "jt!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Timer_Lemma3") (("2" (INST?) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (CASE "timeout!10 AND timeout!1-(Sample!1(n!1)-Sample!1(n))>delta_L AND timeout!1-(Sample!1(n!1)-Sample!1(n))>delta_R AND timeout!1-(Sample!1(n!1)-Sample!1(n))-delta_L>K+TR AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1-(Sample!1(n!1)-Sample!1(n)), Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1)=Sample!1(jt!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "jt!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "Timer" -8) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate" -3) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "Timer" -4) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1) = 0") (("1" (HIDE 1) (("1" (CASE "P!1(Sample!1(jt!1)) OR NOT P!1(Sample!1(jt!1))") (("1" (SPLIT) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "jt!1") (("1" (CASE "P!1(Sample!1(jt!1+1))") (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "Timer_Lemma2") (("2" (INST -1 "P!1" "Sample!1" 
"timeout!1-delta_L" "jt!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Timer_Lemma3") (("2" (INST?) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 2157 623 T NIL) (|TimerGeneral2-8| NIL 3397017028 3397017477 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND timeout!1-(Sample!1(n!1)-Sample!1(n))>delta_L AND timeout!1-(Sample!1(n!1)-Sample!1(n))>delta_R AND timeout!1-(Sample!1(n!1)-Sample!1(n))>K+TR AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1-(Sample!1(n!1)-Sample!1(n)), Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1)=Sample!1(jt!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "jt!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "Timer" -8) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate" -3) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "Timer" -4) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL) ("4" (POSTPONE) NIL NIL) ("5" (POSTPONE) NIL NIL) ("6" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1) = 0") (("1" (HIDE 1) (("1" (CASE "P!1(Sample!1(jt!1)) OR NOT 
P!1(Sample!1(jt!1))") (("1" (SPLIT) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "jt!1") (("1" (CASE "P!1(Sample!1(jt!1+1))") (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "Timer_Lemma2") (("2" (INST -1 "P!1" "Sample!1" "timeout!1-delta_L" "jt!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Timer_Lemma3") (("2" (INST?) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (ASSERT) (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) UNFINISHED NIL 37862 5890 T NIL) (|TimerGeneral2-7| NIL 3397016406 3397016989 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1-(Sample!1(n!1)-Sample!1(n)), Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1)=Sample!1(jt!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "jt!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "Timer" -5) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate" -3) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "Timer" -4) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1) = 0") (("1" (HIDE 1) (("1" (CASE "P!1(Sample!1(jt!1)) OR NOT 
P!1(Sample!1(jt!1))") (("1" (SPLIT) (("1" (EXPAND "Held_For_I") (("1" (INST 1 "jt!1") (("1" (CASE "P!1(Sample!1(jt!1+1))") (("1" (POSTPONE) NIL NIL) ("2" (LEMMA "Timer_Lemma2") (("2" (INST -1 "P!1" "Sample!1" "timeout!1-delta_L" "jt!1+1") (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL) ("2" (GRIND) NIL NIL) ("3" (GRIND) NIL NIL) ("4" (POSTPONE) NIL NIL)) NIL)) NIL) ("2" (LEMMA "Timer_Lemma3") (("2" (INST?) (("1" (GRIND) NIL NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (SKOSIMP) (("3" (TYPEPRED "n!3") (("3" (TYPEPRED "n!2") (("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL) UNFINISHED NIL 1199 632 T NIL) (|TimerGeneral2-6| NIL 3397016035 3397016385 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(jt!1)=Sample!1(jt!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "jt!1" "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "Timer" -5) (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate" -3) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "Timer" -4) (("1" (ASSERT) (("1" (GRIND) NIL NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 3013 276 T NIL) (|TimerGeneral2-5| NIL 3397015996 
3397016016 (";;; Proof TimerGeneral2-4 for formula TimerGeneral.TimerGeneral2" (SKOSIMP) ((";;; Proof TimerGeneral2-4 for formula TimerGeneral.TimerGeneral2" (CASE "FORALL (n:nat|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL))))))))) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1)=Sample!1(j!1)") (("1" (GRIND) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "j!1" "n!1") (("2" (ASSERT) (("2" (POSTPONE) NIL))))))))) ("3" (POSTPONE) NIL))))))) ("2" (POSTPONE) NIL))))))))) ("2" (GRIND) NIL))))) ("3" (POSTPONE) NIL)))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 1918 365 T NIL) (|TimerGeneral2-4| NIL 3397015965 3397015986 ("" (SKOSIMP) (("" (CASE "FORALL (n|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL))))))))) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1)=Sample!1(j!1)") (("1" (GRIND) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "j!1" "n!1") (("2" (ASSERT) (("2" (POSTPONE) NIL))))))))) ("3" (POSTPONE) NIL))))))) ("2" (POSTPONE) NIL))))))))) ("2" (GRIND) NIL))))) ("3" (POSTPONE) NIL)))))))))))) NIL) UNFINISHED NIL 2049 112 T NIL) (|TimerGeneral2-3| NIL 3397015948 3397015951 (";;; Proof 
TimerGeneral2-2 for formula TimerGeneral.TimerGeneral2" (SKOSIMP) ((";;; Proof TimerGeneral2-2 for formula TimerGeneral.TimerGeneral2" (CASE "FORALL (n:|n<=n!1):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL))) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL))))))))) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1)=Sample!1(j!1)") (("1" (GRIND) NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "j!1" "n!1") (("2" (ASSERT) (("2" (POSTPONE) NIL))))))))) ("3" (POSTPONE) NIL))))))) ("2" (POSTPONE) NIL))))))))) ("2" (GRIND) NIL))))) ("3" (POSTPONE) NIL)))))))))))) ";;; developed with SHOSTAK decision procedures") UNFINISHED NIL 320 4 T NIL) (|TimerGeneral2-2| NIL 3397015570 3397015936 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat):Timer(P!1, Sample!1, timeout!1 - delta_L)(n)>0 AND Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (HIDE -2 -3 1) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (SKOSIMP) (("2" (BDDSIMP) (("1" (POSTPONE) NIL NIL) ("2" (HIDE 2) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(j!1)=Sample!1(j!1)") (("1" (GRIND) NIL NIL) ("2" (LEMMA "Sample_Compare") (("2" (INST -1 "Sample!1" "j!1" "n!1") (("2" (ASSERT) (("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (GRIND) NIL NIL)) NIL)) NIL) ("3" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) 
UNFINISHED NIL 36500 1485 T NIL) (|TimerGeneral2-1| NIL 3397015151 3397015489 ("" (SKOSIMP) (("" (CASE "FORALL (n:nat):Timer(P!1, Sample!1, timeout!1 - delta_L)(n) >= timeout!1 - delta_L -(Sample!1(n!1)-Sample!1(n)) IMPLIES Held_For_I(P!1, timeout!1, Sample!1)(n)") (("1" (INST -1 "n!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (HIDE 2) (("2" (INDUCT "n") (("1" (ASSERT) (("1" (BDDSIMP) (("1" (EXPAND "Held_For_I") (("1" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL) ("2" (POSTPONE) NIL NIL)) NIL)) NIL)) NIL)) NIL) UNFINISHED NIL 21721 719 T SHOSTAK)) (|TimerGeneral| 0 (|TimerGeneral-1| NIL 3397397381 3397397675 ("" (SKOSIMP) (("" (LEMMA "TimerGeneral1") (("" (LEMMA "TimerGeneral2") (("" (INST?) (("" (INST?) (("" (ASSERT) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|TimerGeneral1| FORMULA-DECL NIL |TimerGeneral| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (< CONST-DECL "bool" |reals| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| 
CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|TimerGeneral2| FORMULA-DECL NIL |TimerGeneral| NIL)) 24 24 T SHOSTAK)) (|Timer_Eqv_TCC1| 0 (|Timer_Eqv_TCC1-1| NIL 3403451426 3403455092 ("" (SKOSIMP) (("" (TYPEPRED "Sample!1") (("" (INST -2 "n!1+1") (("" (SKOSIMP) (("" (TYPEPRED "t!1") (("" (SKOSIMP) (("" (INST 1 "n!2") (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) PROVED ((|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|rational_pred| CONST-DECL "[real -> 
boolean]" |rationals| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (<= CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (< CONST-DECL "bool" |reals| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|nnreal_times_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT 
"posint" |integers| NIL)) 3175 85 T NIL)) (|Timer_Eqv| 0 (|Timer_Eqv-1| NIL 3403451140 3403451913 ("" (SKOSIMP) (("" (BDDSIMP) (("1" (EXPAND "Timer" -1) (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (ASSERT) NIL NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (LIFT-IF) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "Timer" -1) (("2" (LIFT-IF) (("2" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (ASSERT) NIL NIL) ("2" (ASSERT) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("3" (TYPEPRED "timeout!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (ASSERT) (("2" (LIFT-IF) (("2" (ASSERT) (("2" (BDDSIMP) (("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("3" (EXPAND "Timer" 1) (("3" (LIFT-IF) (("3" (ASSERT) (("3" (BDDSIMP) (("1" (EXPAND "TimerUpdate") (("1" (LIFT-IF) (("1" (BDDSIMP) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "TimerUpdate") (("2" (GRIND) (("2" (CASE "Timer(P!1, Sample!1, timeout!1 - delta_L)(n!1)>0") (("1" (LEMMA "Timer_Lemma2") (("1" (INST?) 
(("1" (ASSERT) NIL NIL)) NIL)) NIL) ("2" (TYPEPRED "Sample!1") (("2" (INST -1 "n!1") (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Timer_Lemma2| FORMULA-DECL NIL |TimerGeneral| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|real_gt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|posreal_plus_nnreal_is_posreal| APPLICATION-JUDGEMENT "posreal" |real_types| NIL) (|real_le_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (< CONST-DECL "bool" |reals| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (>= CONST-DECL "bool" |reals| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL 
|integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (NOT CONST-DECL "[bool -> bool]" |booleans| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|real_lt_is_strict_total_order| NAME-JUDGEMENT "(strict_total_order?[real])" |real_props| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|Timer| DEF-DECL "tick" |TimerGeneral| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|TimerUpdate| CONST-DECL "tick" |TimerGeneral| NIL)) 38489 297 T SHOSTAK)) (|Timer_General| 0 (|Timer_General-1| NIL 3403450508 3403451964 ("" (SKOSIMP) (("" (LEMMA "TimerGeneral") (("" (INST?) (("" (LEMMA "Timer_Eqv") (("" (INST?) 
(("" (ASSERT) (("" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) UNCHECKED ((|TimerGeneral| FORMULA-DECL NIL |TimerGeneral| NIL) (|Timer_Eqv| FORMULA-DECL NIL |TimerGeneral| NIL) (|real_ge_is_total_order| NAME-JUDGEMENT "(total_order?[real])" |real_props| NIL) (|real_minus_real_is_real| APPLICATION-JUDGEMENT "real" |reals| NIL) (|minus_odd_is_odd| APPLICATION-JUDGEMENT "odd_int" |integers| NIL) (|nnreal_plus_nnreal_is_nnreal| APPLICATION-JUDGEMENT "nnreal" |real_types| NIL) (|posint_plus_nnint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL) (|Duration| TYPE-EQ-DECL NIL |TimerGeneral| NIL) (|Sample_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|Tclock| NONEMPTY-TYPE-EQ-DECL NIL |TClocks| NIL) (+ CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (|Tmin| CONST-DECL "posreal" |TClocks| NIL) (|Tmax| CONST-DECL "posreal" |TClocks| NIL) (<= CONST-DECL "bool" |reals| NIL) (AND CONST-DECL "[bool, bool -> bool]" |booleans| NIL) (|Condition_Type| TYPE-EQ-DECL NIL |Held_For_TD| NIL) (|delta_R| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (|delta_L| FORMAL-CONST-DECL "time" |TimerGeneral| NIL) (TR FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|tick| TYPE-EQ-DECL NIL |Clocks_T| NIL) (* CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) (= CONST-DECL "[T, T -> boolean]" |equalities| NIL) (|nat| NONEMPTY-TYPE-EQ-DECL NIL |naturalnumbers| NIL) (|int| NONEMPTY-TYPE-EQ-DECL NIL |integers| NIL) (|integer_pred| CONST-DECL "[rational -> boolean]" |integers| NIL) (|rational| NONEMPTY-TYPE-FROM-DECL NIL |rationals| NIL) (|rational_pred| CONST-DECL "[real -> boolean]" |rationals| NIL) (|non_neg| TYPE-EQ-DECL NIL |Clocks_T| NIL) (|delta_t| FORMAL-CONST-DECL "{tk: posreal | tk < K - TL}" |TimerGeneral| NIL) (TL FORMAL-CONST-DECL "{t: time | t < K}" |TimerGeneral| NIL) (|time| TYPE-EQ-DECL NIL |Clocks| NIL) (K FORMAL-CONST-DECL "posreal" |TimerGeneral| NIL) (- CONST-DECL "[numfield, numfield -> numfield]" |number_fields| NIL) 
(|numfield| NONEMPTY-TYPE-EQ-DECL NIL |number_fields| NIL) (< CONST-DECL "bool" |reals| NIL) (|posreal| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (> CONST-DECL "bool" |reals| NIL) (|nonneg_real| NONEMPTY-TYPE-EQ-DECL NIL |real_types| NIL) (>= CONST-DECL "bool" |reals| NIL) (|bool| NONEMPTY-TYPE-EQ-DECL NIL |booleans| NIL) (|real| NONEMPTY-TYPE-FROM-DECL NIL |reals| NIL) (|real_pred| CONST-DECL "[number_field -> boolean]" |reals| NIL) (|number_field| NONEMPTY-TYPE-FROM-DECL NIL |number_fields| NIL) (|number_field_pred| CONST-DECL "[number -> boolean]" |number_fields| NIL) (|boolean| NONEMPTY-TYPE-DECL NIL |booleans| NIL) (|number| NONEMPTY-TYPE-DECL NIL |numbers| NIL) (|nnint_plus_posint_is_posint| APPLICATION-JUDGEMENT "posint" |integers| NIL)) 1451 59 T SHOSTAK)))