Impressum bisimulation.prf

(bisimulation
 (correct_AExp 0
  (correct_AExp-1 nil 3398501093
   ("" (induct "a")
    (("1" (skolem + "n!1")
      (("1" (skosimp)
        (("1" (expand "CA")
          (("1" (expand "am.tr")
            (("1" (expand "step")
              (("1" (expand "push")
                (("1" (expand "A")
                  (("1" (inst + "1")
                    (("1" (assert)
                      (("1" (expand "am.tr") (("1" (propax) nil nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (skolem + ("x!1"))
      (("2" (skosimp)
        (("2" (inst + "1")
          (("2" (expand "CA")
            (("2" (expand "A")
              (("2" (expand "am.tr")
                (("2" (expand "step")
                  (("2" (expand "am.tr")
                    (("2" (expand "push") (("2" (propax) nil nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("3" (skolem + ("a!1" "a!2"))
      (("3" (skosimp*)
        (("3" (expand "A" 1)
          (("3" (expand "CA" 1)
            (("3" (inst -2 "e!1" "s!1")
              (("3" (skosimp)
                (("3" (inst - "cons(A(a!2)(s!1), e!1)" "s!1")
                  (("3" (skosimp)
                    (("3" (inst + "n!1+n!2+1")
                      (("3" (name-replace "C1" "CA(a!1)")
                        (("3" (name-replace "C2" "CA(a!2)")
                          (("3" (name-replace "N1" "A(a!1)(s!1)")
                            (("3" (name-replace "N2" "A(a!2)(s!1)")
                              (("3"
                                (case
                                 "am.tr(1)((cons(BINARY(LAMBDA (i, j:int): i + j), null[Instruction]),cons(N1, cons(N2, e!1)), s!1),(null, cons(N1 + N2, e!1), s!1))")
                                (("1"
                                  (name-replace
                                   "C3"
                                   "cons(BINARY(LAMBDA (i, j: int): i + j), null[Instruction])")
                                  (("1"
                                    (case
                                     "am.tr
          (n!2+1)((append(C1, C3),cons(N2, e!1), s!1), (null, cons(N1 + N2, e!1), s!1))")
                                    (("1"
                                      (hide -2 -3)
                                      (("1"
                                        (lemma
                                         "code_partial"
                                         ("k"
                                          "n!1"
                                          "c0"
                                          "C2"
                                          "e0"
                                          "e!1"
                                          "s0"
                                          "s!1"
                                          "c1"
                                          "null[Instruction]"
                                          "e1"
                                          "cons(N2, e!1)"
                                          "s1"
                                          "s!1"
                                          "c2"
                                          "append(C1, C3)"
                                          "e2"
                                          "null[int]"))
                                        (("1"
                                          (replace -3)
                                          (("1"
                                            (rewrite "append_null")
                                            (("1"
                                              (rewrite "append_null")
                                              (("1"
                                                (expand "append" -1 3)
                                                (("1"
                                                  (lemma
                                                   "am.tr_add"
                                                   ("k1"
                                                    "n!1"
                                                    "k2"
                                                    "n!2+1"
                                                    "cf0"
                                                    "(append(C2, append(C1, C3)), e!1, s!1)"
                                                    "cf2"
                                                    "(null[Instruction], cons(N1 + N2, e!1), s!1)"))
                                                  (("1"
                                                    (replace -1 1)
                                                    (("1"
                                                      (inst
                                                       +
                                                       "(append(C1, C3), cons(N2, e!1), s!1)")
                                                      (("1"
                                                        (assert)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil)
                                     ("2"
                                      (hide -3 2)
                                      (("2"
                                        (lemma
                                         "code_partial"
                                         ("k"
                                          "n!2"
                                          "c0"
                                          "C1"
                                          "e0"
                                          "cons(N2, e!1)"
                                          "s0"
                                          "s!1"
                                          "c1"
                                          "null[Instruction]"
                                          "e1"
                                          "cons(N1, cons(N2, e!1))"
                                          "s1"
                                          "s!1"
                                          "c2"
                                          "C3"
                                          "e2"
                                          "null[int]"))
                                        (("2"
                                          (replace -3)
                                          (("2"
                                            (rewrite "append_null")
                                            (("2"
                                              (rewrite "append_null")
                                              (("2"
                                                (expand "append" -1 2)
                                                (("2"
                                                  (hide -3)
                                                  (("2"
                                                    (lemma
                                                     "am.tr_add"
                                                     ("k1"
                                                      "n!2"
                                                      "k2"
                                                      "1"
                                                      "cf0"
                                                      "(append(C1, C3), cons(N2, e!1), s!1)"
                                                      "cf2"
                                                      "(null[Instruction], cons(N1 + N2, e!1), s!1)"))
                                                    (("2"
                                                      (replace -1 1)
                                                      (("2"
                                                        (hide -1)
                                                        (("2"
                                                          (inst
                                                           +
                                                           "(C3, cons(N1, cons(N2, e!1)), s!1)")
                                                          (("2"
                                                            (assert)
                                                            nil
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2"
                                  (hide-all-but 1)
                                  (("2" (grind) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("a!1" "a!2"))
      (("4" (skosimp*)
        (("4" (expand "A" 1)
          (("4" (expand "CA" 1)
            (("4" (inst - "cons(A(a!2)(s!1),e!1)" "s!1")
              (("4" (inst - "e!1" "s!1")
                (("4" (skosimp*)
                  (("4" (inst + "n!1+n!2+1")
                    (("4" (name-replace "N1" "A(a!1)(s!1)")
                      (("4" (name-replace "N2" "A(a!2)(s!1)")
                        (("4" (name-replace "C1" "CA(a!1)")
                          (("4" (name-replace "C2" "CA(a!2)")
                            (("4"
                              (case "am.tr(1)((cons(BINARY(LAMBDA (i, j:int): i - j), null[Instruction]),cons(N1, cons(N2, e!1)), s!1),(null, cons(N1 - N2, e!1), s!1))")
                              (("1"
                                (name-replace
                                 "C3"
                                 "cons(BINARY(LAMBDA (i, j: int): i - j), null[Instruction])")
                                (("1"
                                  (lemma
                                   "code_partial"
                                   ("k"
                                    "n!1"
                                    "c0"
                                    "C1"
                                    "c1"
                                    "null[Instruction]"
                                    "c2"
                                    "C3"
                                    "e0"
                                    "cons(N2, e!1)"
                                    "e1"
                                    "cons(N1, cons(N2, e!1))"
                                    "e2"
                                    "null[int]"
                                    "s0"
                                    "s!1"
                                    "s1"
                                    "s!1"))
                                  (("1"
                                    (replace -3)
                                    (("1"
                                      (rewrite "append_null")
                                      (("1"
                                        (rewrite "append_null")
                                        (("1"
                                          (expand "append" -1 2)
                                          (("1"
                                            (lemma
                                             "am.tr_add"
                                             ("k1"
                                              "n!1"
                                              "k2"
                                              "1"
                                              "cf0"
                                              "(append(C1, C3), cons(N2, e!1), s!1)"
                                              "cf2"
                                              "(null[Instruction], cons(N1 - N2, e!1), s!1)"))
                                            (("1"
                                              (flatten)
                                              (("1"
                                                (hide -1)
                                                (("1"
                                                  (split -1)
                                                  (("1"
                                                    (hide -2 -3 -4)
                                                    (("1"
                                                      (lemma
                                                       "code_partial"
                                                       ("k"
                                                        "n!2"
                                                        "c0"
                                                        "C2"
                                                        "c1"
                                                        "null[Instruction]"
                                                        "c2"
                                                        "append(C1, C3)"
                                                        "e0"
                                                        "e!1"
                                                        "e1"
                                                        "cons(N2, e!1)"
                                                        "e2"
                                                        "null[int]"
                                                        "s0"
                                                        "s!1"
                                                        "s1"
                                                        "s!1"))
                                                      (("1"
                                                        (replace -3)
                                                        (("1"
                                                          (rewrite
                                                           "append_null")
                                                          (("1"
                                                            (rewrite
                                                             "append_null")
                                                            (("1"
                                                              (expand
                                                               "append"
                                                               -1
                                                               3)
                                                              (("1"
                                                                (hide
                                                                 -3)
                                                                (("1"
                                                                  (lemma
                                                                   "am.tr_add"
                                                                   ("k1"
                                                                    "n!2"
                                                                    "k2"
                                                                    "n!1+1"
                                                                    "cf0"
                                                                    "(append(C2, append(C1, C3)), e!1, s!1)"
                                                                    "cf2"
                                                                    "(null[Instruction], cons(N1 - N2, e!1), s!1)"))
                                                                  (("1"
                                                                    (replace
                                                                     -1)
                                                                    (("1"
                                                                      (hide
                                                                       -1)
                                                                      (("1"
                                                                        (inst
                                                                         +
                                                                         "(append(C1, C3), cons(N2, e!1), s!1)")
                                                                        (("1"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil)
                                                   ("2"
                                                    (inst
                                                     +
                                                     "(C3, cons(N1, cons(N2, e!1)), s!1)")
                                                    (("2"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil)
                               ("2" (grind) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("a!1" "a!2"))
      (("5" (skosimp*)
        (("5" (inst - "cons(A(a!2)(s!1),e!1)" "s!1")
          (("5" (inst - "e!1" "s!1")
            (("5" (skosimp*)
              (("5" (inst + "n!1+n!2+1")
                (("5" (expand "CA" 1)
                  (("5" (expand "A" 1)
                    (("5" (name-replace "C1" "CA(a!1)")
                      (("5" (name-replace "C2" "CA(a!2)")
                        (("5" (name-replace "N1" "A(a!1)(s!1)")
                          (("5" (name-replace "N2" "A(a!2)(s!1)")
                            (("5"
                              (case "am.tr(1)((cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction]),cons(N1, cons(N2, e!1)), s!1),(null, cons(N1 * N2, e!1), s!1))")
                              (("1"
                                (name-replace
                                 "C3"
                                 "cons(BINARY(LAMBDA (i, j: int): i * j), null[Instruction])")
                                (("1"
                                  (lemma
                                   "am.tr_add"
                                   ("k1"
                                    "n!2"
                                    "k2"
                                    "n!1+1"
                                    "cf0"
                                    "(append(C2, append(C1, C3)), e!1, s!1)"
                                    "cf2"
                                    "(null[Instruction], cons(N1 * N2, e!1), s!1)"))
                                  (("1"
                                    (replace -1)
                                    (("1"
                                      (inst
                                       +
                                       "(append(C1, C3),cons(N2, e!1), s!1)")
                                      (("1"
                                        (hide -1)
                                        (("1"
                                          (split)
                                          (("1"
                                            (lemma
                                             "code_partial"
                                             ("k"
                                              "n!2"
                                              "c0"
                                              "C2"
                                              "e0"
                                              "e!1"
                                              "s0"
                                              "s!1"
                                              "c1"
                                              "null[Instruction]"
                                              "e1"
                                              "cons(N2, e!1)"
                                              "s1"
                                              "s!1"
                                              "c2"
                                              "append(C1, C3)"
                                              "e2"
                                              "null[int]"))
                                            (("1"
                                              (rewrite "append_null")
                                              (("1"
                                                (rewrite "append_null")
                                                (("1"
                                                  (expand
                                                   "append"
                                                   -1
                                                   3)
                                                  (("1"
                                                    (assert)
                                                    nil
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil)
                                           ("2"
                                            (hide -3)
                                            (("2"
                                              (lemma
                                               "code_partial"
                                               ("k"
                                                "n!1"
                                                "c0"
                                                "C1"
                                                "e0"
                                                "cons(N2, e!1)"
                                                "s0"
                                                "s!1"
                                                "c1"
                                                "null[Instruction]"
                                                "e1"
                                                "cons(N1, cons(N2, e!1))"
                                                "s1"
                                                "s!1"
                                                "c2"
                                                "C3"
                                                "e2"
                                                "null[int]"))
                                              (("2"
                                                (rewrite "append_null")
                                                (("2"
                                                  (rewrite
                                                   "append_null")
                                                  (("2"
                                                    (expand
                                                     "append"
                                                     -1
                                                     2)
                                                    (("2"
                                                      (assert)
                                                      (("2"
                                                        (hide -3)
                                                        (("2"
                                                          (lemma
                                                           "am.tr_add"
                                                           ("k1"
                                                            "n!1"
                                                            "k2"
                                                            "1"
                                                            "cf0"
                                                            "(append(C1, C3), cons(N2, e!1), s!1)"
                                                            "cf2"
                                                            "(null[Instruction], cons(N1 * N2, e!1), s!1)"))
                                                          (("2"
                                                            (replace
                                                             -1)
                                                            (("2"
                                                              (inst
                                                               +
                                                               "(C3, cons(N1, cons(N2, e!1)), s!1)")
                                                              (("2"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil)
                               ("2"
                                (hide-all-but 1)
                                (("2"
                                  (expand "am.tr")
                                  (("2"
                                    (expand "step")
                                    (("2"
                                      (expand "am.tr")
                                      (("2"
                                        (assert)
                                        (("2"
                                          (expand "check2")
                                          (("2"
                                            (expand "top")
                                            (("2"
                                              (expand "pop")
                                              (("2"
                                                (expand "push")
                                                (("2"
                                                  (propax)
                                                  nil
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (minus_odd_is_odd application-judgement "odd_int" integers nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (even_minus_odd_is_odd application-judgement "odd_int" integers
     nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (pop const-decl "Stack" am nil) (top const-decl "int" am nil)
    (check2 const-decl "bool" am nil) (tr_add formula-decl nil am nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (append_null formula-decl nil list_props nil)
    (code_partial formula-decl nil am nil)
    (append def-decl "list[T]" list_props nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (int_plus_int_is_int application-judgement "int" integers nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (step const-decl "Config" am nil)
    (odd_minus_odd_is_even application-judgement "even_int" integers
     nil)
    (push const-decl "Stack" am nil)
    (AExp_induction formula-decl nil AExp nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (A def-decl "[State -> int]" AExp nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CA def-decl "Code" compiler nil) (tr def-decl "bool" am nil)
    (Config nonempty-type-eq-decl nil am nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (Instruction type-decl nil Instruction nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (State nonempty-type-eq-decl nil State nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (list type-decl nil list_adt nil)
    (number nonempty-type-decl nil numbers nil)
    (boolean nonempty-type-decl nil booleans nil)
    (AExp type-decl nil AExp nil))
   shostak))
 (correct_BExp 0
  (correct_BExp-1 nil 3399055662
   ("" (induct "b")
    (("1" (skosimp)
      (("1" (inst + "1")
        (("1" (expand "tr")
          (("1" (expand "CB")
            (("1" (expand "tr")
              (("1" (expand "step")
                (("1" (expand "push")
                  (("1" (expand "B") (("1" (propax) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (skosimp)
      (("2" (inst + "1")
        (("2" (expand "tr")
          (("2" (expand "tr")
            (("2" (expand "CB")
              (("2" (expand "B")
                (("2" (expand "step")
                  (("2" (expand "push") (("2" (propax) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("3" (skolem + ("a!1" "a!2"))
      (("3" (skosimp)
        (("3" (expand "CB")
          (("3" (lemma "correct_AExp" ("a" "a!2" "e" "e!1" "s" "s!1"))
            (("3" (skosimp)
              (("3"
                (lemma "correct_AExp"
                 ("a" "a!1" "e" "cons(A(a!2)(s!1), e!1)" "s" "s!1"))
                (("3" (skosimp)
                  (("3" (expand "B" 1)
                    (("3" (inst + "n!1+n!2+1")
                      (("3"
                        (lemma "code_partial"
                         ("k" "n!2" "c0" "CA(a!1)" "e0"
                          "cons(A(a!2)(s!1), e!1)" "s0" "s!1" "c1"
                          "null[Instruction]" "e1"
                          "cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1))"
                          "s1" "s!1" "c2"
                          "cons(BINARY(LAMBDA (i, j:int): b2n(i = j)), null)"
                          "e2" "null[int]"))
                        (("3" (replace -2)
                          (("3" (rewrite "append_null")
                            (("3" (rewrite "append_null")
                              (("3"
                                (expand "append" -1 2)
                                (("3"
                                  (name-replace
                                   "C2"
                                   "append(CA(a!1),
                 cons(BINARY(LAMBDA (i, j: int): b2n(i = j)), null))")
                                  (("3"
                                    (hide -2)
                                    (("3"
                                      (case
                                       "tr(n!2+1)((C2, cons(A(a!2)(s!1), e!1), s!1),(null[Instruction],cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1), s!1))")
                                      (("1"
                                        (hide -2)
                                        (("1"
                                          (lemma
                                           "code_partial"
                                           ("k"
                                            "n!1"
                                            "c0"
                                            "CA(a!2)"
                                            "e0"
                                            "e!1"
                                            "s0"
                                            "s!1"
                                            "c1"
                                            "null[Instruction]"
                                            "e1"
                                            "cons(A(a!2)(s!1), e!1)"
                                            "s1"
                                            "s!1"
                                            "c2"
                                            "C2"
                                            "e2"
                                            "null[int]"))
                                          (("1"
                                            (assert)
                                            (("1"
                                              (rewrite "append_null")
                                              (("1"
                                                (rewrite "append_null")
                                                (("1"
                                                  (expand
                                                   "append"
                                                   -1
                                                   2)
                                                  (("1"
                                                    (lemma
                                                     "am.tr_add"
                                                     ("k1"
                                                      "n!1"
                                                      "k2"
                                                      "n!2+1"
                                                      "cf0"
                                                      "(append(CA(a!2), C2), e!1, s!1)"
                                                      "cf2"
                                                      "(null[Instruction], cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1), s!1)"))
                                                    (("1"
                                                      (replace -1 1)
                                                      (("1"
                                                        (inst
                                                         +
                                                         "(C2, cons(A(a!2)(s!1), e!1), s!1)")
                                                        (("1"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil)
                                       ("2"
                                        (hide -2 2)
                                        (("2"
                                          (lemma
                                           "tr_add"
                                           ("k1"
                                            "n!2"
                                            "k2"
                                            "1"
                                            "cf0"
                                            "(C2, cons(A(a!2)(s!1), e!1), s!1)"
                                            "cf2"
                                            "(null[Instruction], cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1),
          s!1)"))
                                          (("2"
                                            (replace -1)
                                            (("2"
                                              (inst
                                               +
                                               "(cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 = j_1)), null[Instruction]),
          cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1)), s!1)")
                                              (("2"
                                                (assert)
                                                (("2"
                                                  (hide-all-but 1)
                                                  (("2"
                                                    (expand "tr")
                                                    (("2"
                                                      (expand "tr")
                                                      (("2"
                                                        (expand "step")
                                                        (("2"
                                                          (expand
                                                           "check2")
                                                          (("2"
                                                            (expand
                                                             "top")
                                                            (("2"
                                                              (expand
                                                               "pop")
                                                              (("2"
                                                                (expand
                                                                 "push")
                                                                (("2"
                                                                  (propax)
                                                                  nil
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("a!1" "a!2"))
      (("4" (skosimp)
        (("4" (expand "CB")
          (("4" (expand "B")
            (("4"
              (lemma "correct_AExp" ("a" "a!2" "e" "e!1" "s" "s!1"))
              (("4"
                (lemma "correct_AExp"
                 ("a" "a!1" "e" "cons(A(a!2)(s!1),e!1)" "s" "s!1"))
                (("4" (skosimp*)
                  (("4" (inst + "n!1+n!2+1")
                    (("4"
                      (case "am.tr
          (n!1+1)((append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null)),cons(A(a!2)(s!1), e!1), s!1),(null, cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1), s!1))")
                      (("1" (hide -2)
                        (("1"
                          (name-replace "C2" "append(CA(a!1),
                   cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)), null))")
                          (("1"
                            (name-replace "CF2"
                             "(null[Instruction], cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1), s!1)")
                            (("1"
                              (lemma "code_partial"
                               ("k"
                                "n!2"
                                "c0"
                                "CA(a!2)"
                                "e0"
                                "e!1"
                                "s0"
                                "s!1"
                                "c1"
                                "null[Instruction]"
                                "e1"
                                "cons(A(a!2)(s!1), e!1)"
                                "s1"
                                "s!1"
                                "c2"
                                "C2"
                                "e2"
                                "null[int]"))
                              (("1"
                                (assert)
                                (("1"
                                  (rewrite "append_null")
                                  (("1"
                                    (rewrite "append_null")
                                    (("1"
                                      (expand "append" -1 2)
                                      (("1"
                                        (assert)
                                        (("1"
                                          (lemma
                                           "am.tr_add"
                                           ("k1"
                                            "n!2"
                                            "k2"
                                            "n!1+1"
                                            "cf0"
                                            "(append(CA(a!2), C2), e!1, s!1)"
                                            "cf2"
                                            "CF2"))
                                          (("1"
                                            (replace -1)
                                            (("1"
                                              (hide -1)
                                              (("1"
                                                (inst
                                                 +
                                                 "(C2, cons(A(a!2)(s!1), e!1), s!1)")
                                                (("1"
                                                  (assert)
                                                  nil
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (hide -2 2)
                        (("2"
                          (lemma "code_partial"
                           ("k" "n!1" "c0" "CA(a!1)" "e0"
                            "cons(A(a!2)(s!1),e!1)" "s0" "s!1" "c1"
                            "null[Instruction]" "e1"
                            "cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1))"
                            "s1" "s!1" "c2"
                            "cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)), null[Instruction])"
                            "e2" "null[int]"))
                          (("2" (assert)
                            (("2" (rewrite "append_null")
                              (("2"
                                (rewrite "append_null")
                                (("2"
                                  (expand "append" -1 2)
                                  (("2"
                                    (lemma
                                     "am.tr_add"
                                     ("k1"
                                      "n!1"
                                      "k2"
                                      "1"
                                      "cf0"
                                      "(append(CA(a!1),
                   cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)), null)),
            cons(A(a!2)(s!1), e!1), s!1)"
                                      "cf2"
                                      "(null[Instruction], cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1), s!1)"))
                                    (("2"
                                      (replace -1)
                                      (("2"
                                        (inst
                                         +
                                         "(cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 <= j_1)),
               null[Instruction]),
          cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1)), s!1)")
                                        (("2"
                                          (assert)
                                          (("2"
                                            (hide-all-but 2)
                                            (("2"
                                              (expand "tr")
                                              (("2"
                                                (expand "tr")
                                                (("2"
                                                  (expand "step")
                                                  (("2"
                                                    (expand "check2")
                                                    (("2"
                                                      (expand "top")
                                                      (("2"
                                                        (expand "pop")
                                                        (("2"
                                                          (expand
                                                           "push")
                                                          (("2"
                                                            (propax)
                                                            nil
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("b!1"))
      (("5" (skosimp*)
        (("5" (inst - "e!1" "s!1")
          (("5" (skosimp)
            (("5" (inst + "n!1+1")
              (("5" (expand "CB" 1)
                (("5" (expand "B" 1)
                  (("5" (expand "b2n" 1)
                    (("5" (assert)
                      (("5"
                        (lemma "code_partial"
                         ("k" "n!1" "c0" "CB(b!1)" "e0" "e!1" "s0"
                          "s!1" "c1" "null[Instruction]" "e1"
                          "cons(b2n(B(b!1)(s!1)), e!1)" "s1" "s!1" "c2"
                          "cons(UNARY(LAMBDA (i:int): 1 - i), null[Instruction])"
                          "e2" "null[int]"))
                        (("5" (assert)
                          (("5" (rewrite "append_null")
                            (("5" (rewrite "append_null")
                              (("5"
                                (expand "append" -1 2)
                                (("5"
                                  (name
                                   "CF0"
                                   "(append(CB(b!1), cons(UNARY(LAMBDA (i:int): 1 - i), null[Instruction])), e!1, s!1)")
                                  (("5"
                                    (replace -1)
                                    (("5"
                                      (hide -1)
                                      (("5"
                                        (lemma
                                         "am.tr_add"
                                         ("k1"
                                          "n!1"
                                          "k2"
                                          "1"
                                          "cf0"
                                          "CF0"
                                          "cf2"
                                          "(null[Instruction], cons(IF NOT (B(b!1)(s!1)) THEN 1 ELSE 0 ENDIF, e!1), s!1)"))
                                        (("5"
                                          (replace -1 1)
                                          (("5"
                                            (hide -1)
                                            (("5"
                                              (inst
                                               +
                                               "(cons(UNARY(LAMBDA (i_1: int): 1 - i_1), null[Instruction]),
          cons(b2n(B(b!1)(s!1)), e!1), s!1)")
                                              (("5"
                                                (assert)
                                                (("5"
                                                  (hide -1 -2)
                                                  (("5"
                                                    (expand "tr")
                                                    (("5"
                                                      (expand "tr")
                                                      (("5"
                                                        (expand "step")
                                                        (("5"
                                                          (expand
                                                           "check1")
                                                          (("5"
                                                            (expand
                                                             "top")
                                                            (("5"
                                                              (expand
                                                               "push")
                                                              (("5"
                                                                (expand
                                                                 "pop")
                                                                (("5"
                                                                  (assert)
                                                                  (("5"
                                                                    (expand
                                                                     "b2n")
                                                                    (("5"
                                                                      (assert)
                                                                      (("5"
                                                                        (lift-if)
                                                                        (("5"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("6" (skolem + ("b!1" "b!2"))
      (("6" (skosimp*)
        (("6" (expand "CB" 1)
          (("6" (expand "B" 1)
            (("6" (inst - "cons(b2n(B(b!2)(s!1)),e!1)" "s!1")
              (("6" (skosimp)
                (("6" (inst - "e!1" "s!1")
                  (("6" (skosimp)
                    (("6" (expand "b2n" 1)
                      (("6" (name-replace "B1" "B(b!1)(s!1)")
                        (("6" (name-replace "B2" "B(b!2)(s!1)")
                          (("6"
                            (case "am.tr
          (n!1+1)
          ((append(CB(b!1),
                            cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction])), cons(b2n(B2), e!1), s!1),(null[Instruction], cons(IF B1 AND B2 THEN 1 ELSE 0 ENDIF, e!1), s!1))")
                            (("1" (hide -2)
                              (("1"
                                (name-replace
                                 "C2"
                                 "append(CB(b!1),
                   cons(BINARY(LAMBDA (i, j: int): i * j),
                        null[Instruction]))")
                                (("1"
                                  (name-replace
                                   "CF2"
                                   "(null[Instruction], cons(IF B1 AND B2 THEN 1 ELSE 0 ENDIF, e!1),
            s!1)")
                                  (("1"
                                    (lemma
                                     "code_partial"
                                     ("k"
                                      "n!2"
                                      "c0"
                                      "CB(b!2)"
                                      "e0"
                                      "e!1"
                                      "s0"
                                      "s!1"
                                      "c1"
                                      "null[Instruction]"
                                      "e1"
                                      "cons(b2n(B2), e!1)"
                                      "s1"
                                      "s!1"
                                      "c2"
                                      "C2"
                                      "e2"
                                      "null[int]"))
                                    (("1"
                                      (assert)
                                      (("1"
                                        (rewrite "append_null")
                                        (("1"
                                          (rewrite "append_null")
                                          (("1"
                                            (expand "append" -1 2)
                                            (("1"
                                              (inst + "n!2+n!1+1")
                                              (("1"
                                                (lemma
                                                 "am.tr_add"
                                                 ("k1"
                                                  "n!2"
                                                  "k2"
                                                  "1+n!1"
                                                  "cf0"
                                                  "(append(CB(b!2), C2), e!1, s!1)"
                                                  "cf2"
                                                  "CF2"))
                                                (("1"
                                                  (replace -1)
                                                  (("1"
                                                    (inst
                                                     +
                                                     "(C2, cons(b2n(B2), e!1), s!1)")
                                                    (("1"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil)
                             ("2" (hide -2 2)
                              (("2"
                                (lemma
                                 "code_partial"
                                 ("k"
                                  "n!1"
                                  "c0"
                                  "CB(b!1)"
                                  "e0"
                                  "cons(b2n(B2), e!1)"
                                  "s0"
                                  "s!1"
                                  "c1"
                                  "null[Instruction]"
                                  "e1"
                                  "cons(b2n(B1), cons(b2n(B2), e!1))"
                                  "s1"
                                  "s!1"
                                  "c2"
                                  "cons(BINARY(LAMBDA (i, j: int): i * j),
                        null[Instruction])"
                                  "e2"
                                  "null[int]"))
                                (("2"
                                  (assert)
                                  (("2"
                                    (rewrite "append_null")
                                    (("2"
                                      (rewrite "append_null")
                                      (("2"
                                        (expand "append" -1 2)
                                        (("2"
                                          (name-replace
                                           "CF0"
                                           "(append(CB(b!1),
                 cons(BINARY(LAMBDA (i, j: int): i * j),
                      null[Instruction])),
          cons(b2n(B2), e!1), s!1)")
                                          (("2"
                                            (lemma
                                             "am.tr_add"
                                             ("k1"
                                              "n!1"
                                              "k2"
                                              "1"
                                              "cf0"
                                              "CF0"
                                              "cf2"
                                              "(null[Instruction], cons(IF B1 AND B2 THEN 1 ELSE 0 ENDIF, e!1),
            s!1)"))
                                            (("2"
                                              (replace -1)
                                              (("2"
                                                (inst
                                                 +
                                                 "(cons(BINARY(LAMBDA (i_1, j_1: int): i_1 * j_1),
               null[Instruction]),
          cons(b2n(B1), cons(b2n(B2), e!1)), s!1)")
                                                (("2"
                                                  (assert)
                                                  (("2"
                                                    (hide-all-but 1)
                                                    (("2"
                                                      (expand "tr")
                                                      (("2"
                                                        (expand "tr")
                                                        (("2"
                                                          (expand
                                                           "step")
                                                          (("2"
                                                            (expand
                                                             "check2")
                                                            (("2"
                                                              (expand
                                                               "top")
                                                              (("2"
                                                                (expand
                                                                 "pop")
                                                                (("2"
                                                                  (expand
                                                                   "push")
                                                                  (("2"
                                                                    (expand
                                                                     "b2n")
                                                                    (("2"
                                                                      (case-replace
                                                                       "B1")
                                                                      (("1"
                                                                        (case-replace
                                                                         "B2")
                                                                        (("1"
                                                                          (assert)
                                                                          nil
                                                                          nil)
                                                                         ("2"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil)
                                                                       ("2"
                                                                        (assert)
                                                                        (("2"
                                                                          (case-replace
                                                                           "B2")
                                                                          (("1"
                                                                            (assert)
                                                                            nil
                                                                            nil)
                                                                           ("2"
                                                                            (assert)
                                                                            nil
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((nnint_times_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (odd_times_odd_is_odd application-judgement "odd_int" integers nil)
    (posint_times_posint_is_posint application-judgement "posint"
     integers nil)
    (even_times_int_is_even application-judgement "even_int" integers
     nil)
    (mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (check1 const-decl "bool" am nil)
    (NOT const-decl "[bool -> bool]" booleans nil)
    (IF const-decl "[boolean, T, T -> T]" if_def nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (UNARY adt-constructor-decl "[[int -> int] -> (UNARY?)]"
     Instruction nil)
    (UNARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (<= const-decl "bool" reals nil)
    (even_minus_odd_is_odd application-judgement "odd_int" integers
     nil)
    (real_le_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (tr_add formula-decl nil am nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (check2 const-decl "bool" am nil) (pop const-decl "Stack" am nil)
    (top const-decl "int" am nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (append def-decl "list[T]" list_props nil)
    (append_null formula-decl nil list_props nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (CA def-decl "Code" compiler nil)
    (code_partial formula-decl nil am nil)
    (A def-decl "[State -> int]" AExp nil)
    (AExp type-decl nil AExp nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (push const-decl "Stack" am nil) (step const-decl "Config" am nil)
    (BExp_induction formula-decl nil BExp nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (B def-decl "[State -> bool]" BExp nil)
    (b2n const-decl "nbit" bit nil) (nbit type-eq-decl nil bit nil)
    (< const-decl "bool" reals nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CB def-decl "Code" compiler nil) (tr def-decl "bool" am nil)
    (Config nonempty-type-eq-decl nil am nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (Instruction type-decl nil Instruction nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (State nonempty-type-eq-decl nil State nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (list type-decl nil list_adt nil)
    (number nonempty-type-decl nil numbers nil)
    (boolean nonempty-type-decl nil booleans nil)
    (BExp type-decl nil BExp nil))
   shostak))
 (eq_AExp 0
  (eq_AExp-1 nil 3399296901
   ("" (skosimp*)
    (("" (lemma "trich_lt" ("x" "m!1" "y" "n!1"))
      (("" (split)
        (("1"
          (lemma "am.tr_add"
           ("k1" "m!1" "cf0" "(CA(a!1), e!1, s!1)" "cf2"
            "(null[Instruction], cons(A(a!1)(s!1), e!1), s!1)" "k2"
            "n!1-m!1"))
          (("1" (assert)
            (("1" (skosimp)
              (("1"
                (lemma "am.tr_eq"
                 ("k" "m!1" "cf0" "(CA(a!1), e!1, s!1)" "cf1" "ac!1"
                  "cf2" "cf1!1"))
                (("1" (assert)
                  (("1" (replace -1)
                    (("1" (expand "tr" -3) (("1" (flatten) nil nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert) nil nil))
          nil)
         ("2" (replace -1)
          (("2"
            (lemma "am.tr_eq"
             ("k" "n!1" "cf0" "(CA(a!1), e!1, s!1)" "cf1" "ac!1" "cf2"
              "(null[Instruction], cons(A(a!1)(s!1), e!1), s!1)"))
            (("2" (assert) nil nil)) nil))
          nil)
         ("3"
          (lemma "am.tr_add"
           ("k1" "n!1" "k2" "m!1-n!1" "cf0" "(CA(a!1), e!1, s!1)" "cf2"
            "ac!1"))
          (("1" (assert)
            (("1" (skosimp)
              (("1"
                (lemma "am.tr_eq"
                 ("k" "n!1" "cf0" "(CA(a!1), e!1, s!1)" "cf1" "cf1!1"
                  "cf2"
                  "(null[Instruction], cons(A(a!1)(s!1), e!1), s!1)"))
                (("1" (assert)
                  (("1" (expand "tr" -3) (("1" (propax) nil nil)) nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert) nil nil))
          nil))
        nil))
      nil))
    nil)
   ((nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (boolean nonempty-type-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil)
    (trich_lt formula-decl nil real_props nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (A def-decl "[State -> int]" AExp nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CA def-decl "Code" compiler nil) (AExp type-decl nil AExp nil)
    (Config nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (tr_add formula-decl nil am nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (tr def-decl "bool" am nil) (tr_eq formula-decl nil am nil)
    (real_lt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (int_plus_int_is_int application-judgement "int" integers nil))
   shostak))
 (AExp_steps 0
  (AExp_steps-1 nil 3399347957
   ("" (induct "a")
    (("1" (skosimp)
      (("1" (skosimp)
        (("1" (expand "CA")
          (("1" (expand "tr") (("1" (assert) nil nil)) nil)) nil))
        nil))
      nil)
     ("2" (skosimp*)
      (("2" (expand "CA")
        (("2" (expand "tr") (("2" (assert) nil nil)) nil)) nil))
      nil)
     ("3" (skolem + ("a!1" "a!2"))
      (("3" (skosimp*)
        (("3" (expand "CA" -3)
          (("3"
            (lemma "code_split"
             ("k" "n!1" "c1" "CA(a!2)" "c2" "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): i + j), null[Instruction]))"
              "e" "e!1" "s" "s!1" "e2"
              "cons(A(Add(a!1, a!2))(s!1), e!1)" "s2" "s!1"))
            (("3" (replace -4 -1)
              (("3" (skosimp)
                (("3" (inst -5 "e!1" "k1!1" "s!1")
                  (("3" (assert)
                    (("3" (hide-all-but (-1 1))
                      (("3"
                        (lemma "correct_AExp"
                         ("a" "a!2" "e" "e!1" "s" "s!1"))
                        (("3" (skosimp)
                          (("3"
                            (lemma "eq_AExp"
                             ("a" "a!2" "e" "e!1" "s" "s!1" "ac"
                              "(null[Instruction], e1!1, s1!1)" "n"
                              "n!2" "m" "k1!1"))
                            (("3" (assert) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("a!1" "a!2"))
      (("4" (skosimp*)
        (("4" (expand "CA" -3)
          (("4"
            (lemma "code_split"
             ("k" "n!1" "c1" "CA(a!2)" "c2" "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): i - j), null[Instruction]))"
              "e" "e!1" "s" "s!1" "e2"
              "cons(A(Sub(a!1, a!2))(s!1), e!1)" "s2" "s!1"))
            (("4" (assert)
              (("4" (skosimp)
                (("4" (hide -2 -6 -4)
                  (("4"
                    (lemma "correct_AExp"
                     ("a" "a!2" "e" "e!1" "s" "s!1"))
                    (("4" (skosimp)
                      (("4"
                        (lemma "eq_AExp"
                         ("n" "n!2" "a" "a!2" "e" "e!1" "s" "s!1" "ac"
                          "(null[Instruction], e1!1, s1!1)" "m"
                          "k1!1"))
                        (("4" (assert)
                          (("4" (flatten)
                            (("4" (inst - "e!1" "n!2" "s!1")
                              (("4" (assert) nil nil)) nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("a!1" "a!2"))
      (("5" (skosimp*)
        (("5" (expand "CA" -3)
          (("5"
            (lemma "code_split"
             ("k" "n!1" "c1" "CA(a!2)" "c2" "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction]))"
              "e" "e!1" "s" "s!1" "e2"
              "cons(A(Mul(a!1, a!2))(s!1), e!1)" "s2" "s!1"))
            (("5" (assert)
              (("5" (skosimp)
                (("5" (hide -2 -4 -6)
                  (("5"
                    (lemma "correct_AExp"
                     ("a" "a!2" "e" "e!1" "s" "s!1"))
                    (("5" (skosimp)
                      (("5" (inst - "e!1" "n!2" "s!1")
                        (("5" (assert)
                          (("5"
                            (lemma "eq_AExp"
                             ("n" "n!2" "a" "a!2" "e" "e!1" "s" "s!1"
                              "ac" "(null[Instruction], e1!1, s1!1)"
                              "m" "k1!1"))
                            (("5" (assert) nil nil)) nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (Mul? adt-recognizer-decl "[AExp -> boolean]" AExp nil)
    (Mul adt-constructor-decl "[[AExp, AExp] -> (Mul?)]" AExp nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (Sub? adt-recognizer-decl "[AExp -> boolean]" AExp nil)
    (Sub adt-constructor-decl "[[AExp, AExp] -> (Sub?)]" AExp nil)
    (eq_AExp formula-decl nil bisimulation nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (int_plus_int_is_int application-judgement "int" integers nil)
    (code_split formula-decl nil am nil)
    (append def-decl "list[T]" list_props nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (Add? adt-recognizer-decl "[AExp -> boolean]" AExp nil)
    (Add adt-constructor-decl "[[AExp, AExp] -> (Add?)]" AExp nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (AExp_induction formula-decl nil AExp nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (A def-decl "[State -> int]" AExp nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CA def-decl "Code" compiler nil) (tr def-decl "bool" am nil)
    (Config nonempty-type-eq-decl nil am nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (Instruction type-decl nil Instruction nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (State nonempty-type-eq-decl nil State nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (list type-decl nil list_adt nil)
    (number nonempty-type-decl nil numbers nil)
    (boolean nonempty-type-decl nil booleans nil)
    (AExp type-decl nil AExp nil))
   shostak))
 (AExp_e 0
  (AExp_e-1 nil 3399349553
   (""
    (case "FORALL (a1,a2: AExp,f:[[int,int]->int]):
        ((FORALL (ac: am.Config, e: list[int], n: nat, pn: posnat,
                  s: State):
            am.tr
                (n)
                ((CA(a1), e, s), (null, cons(A(a1)(s), e), s))
             AND pn <= n AND am.tr(pn)((CA(a1), e, s), ac)
             => length(ac`2) >= 1 + length(e))
          AND
          (FORALL (ac: am.Config, e: list[int], n: nat, pn: posnat,
                   s: State):
             am.tr
                 (n)
                 ((CA(a2), e, s), (null, cons(A(a2)(s), e), s))
              AND pn <= n AND am.tr(pn)((CA(a2), e, s), ac)
              => length(ac`2) >= 1 + length(e)))
         IMPLIES
         (FORALL (ac: am.Config, e: list[int], n: nat, pn: posnat,
                  s: State):
            am.tr
                (n)
                ((append(CA(a2),
                         append(CA(a1),
                                cons(BINARY(f), null))),
                  e, s),
                 (null, cons(f(A(a1)(s),A(a2)(s)), e), s))
             AND
             pn <= n AND
              am.tr
                  (pn)
                  ((append(CA(a2),
                           append(CA(a1),
                                  cons(BINARY(f), null))),
                    e, s),
                   ac)
             => length(ac`2) >= 1 + length(e))")
    (("1" (induct "a")
      (("1" (hide -1)
        (("1" (skolem + ("z!1"))
          (("1" (skosimp*)
            (("1" (expand "CA")
              (("1" (case-replace "n!1=0")
                (("1" (assert) nil nil)
                 ("2" (case-replace "n!1=1")
                  (("1" (expand "tr")
                    (("1" (expand "tr")
                      (("1" (flatten)
                        (("1" (assert)
                          (("1" (expand "step")
                            (("1" (assert)
                              (("1"
                                (expand "push")
                                (("1"
                                  (expand "A")
                                  (("1"
                                    (assert)
                                    (("1"
                                      (replace -4 * rl)
                                      (("1"
                                        (assert)
                                        (("1"
                                          (expand "length" 4 1)
                                          (("1" (assert) nil nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil)
                   ("2" (hide -2 -3 3)
                    (("2" (expand "tr")
                      (("2" (assert)
                        (("2" (flatten)
                          (("2" (expand "tr")
                            (("2" (flatten)
                              (("2"
                                (expand "step")
                                (("2" (propax) nil nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil)
       ("2" (hide -1)
        (("2" (skolem + ("x!1"))
          (("2" (skosimp)
            (("2" (expand "CA")
              (("2" (expand "A")
                (("2" (case-replace "n!1=0")
                  (("1" (assert) nil nil)
                   ("2" (case-replace "n!1=1")
                    (("1" (expand "tr")
                      (("1" (flatten)
                        (("1" (expand "step")
                          (("1" (expand "tr")
                            (("1" (assert)
                              (("1"
                                (expand "push")
                                (("1"
                                  (replace -4 * rl)
                                  (("1"
                                    (assert)
                                    (("1"
                                      (expand "length" 4 1)
                                      (("1" (assert) nil nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (hide -2 -3 3)
                      (("2" (expand "tr")
                        (("2" (expand "tr")
                          (("2" (expand "step")
                            (("2" (expand "push")
                              (("2" (assert) nil nil)) nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil)
       ("3" (skolem + ("a!1" "a!2"))
        (("3" (inst - "a!1" "a!2" "lambda (i,j:int):i+j")
          (("3" (skosimp*)
            (("3" (expand "CA" -3)
              (("3" (expand "A" -3)
                (("3" (replace -2 -6)
                  (("3" (split -6)
                    (("1" (inst - "ac!1" "e!1" "n!1" "pn!1" "s!1")
                      (("1" (replace -4)
                        (("1" (replace -5)
                          (("1" (expand "CA" -6)
                            (("1" (replace -6) (("1" (propax) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (propax) nil nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil)
       ("4" (skolem + ("a!1" "a!2"))
        (("4" (skosimp*)
          (("4" (expand "CA" -3)
            (("4" (expand "A" -3)
              (("4" (inst -6 "a!1" "a!2" "lambda (i,j:int): i-j")
                (("4" (replace -2)
                  (("4" (split -6)
                    (("1" (expand "CA" -6)
                      (("1" (inst - "ac!1" "e!1" "n!1" "pn!1" "s!1")
                        (("1" (replace -4)
                          (("1" (replace -5)
                            (("1" (replace -6) (("1" (propax) nil nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (propax) nil nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil)
       ("5" (skolem + ("a!1" "a!2"))
        (("5" (skosimp*)
          (("5" (inst -6 "a!1" "a!2" "lambda (i,j:int): i*j")
            (("5" (replace -2)
              (("5" (split -6)
                (("1" (inst - "ac!1" "e!1" "n!1" "pn!1" "s!1")
                  (("1" (expand "CA" (-4 -6))
                    (("1" (expand "A" -4) (("1" (assert) nil nil))
                      nil))
                    nil))
                  nil)
                 ("2" (propax) nil nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (hide 2)
      (("2" (skosimp*)
        (("2"
          (lemma "code_split"
           ("k" "n!1" "c1" "CA(a2!1)" "c2"
            "append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))"
            "e" "e!1" "s" "s!1" "e2"
            "cons(f!1(A(a1!1)(s!1), A(a2!1)(s!1)), e!1)" "s2" "s!1"))
          (("2" (assert)
            (("2" (skosimp)
              (("2"
                (lemma "correct_AExp" ("a" "a2!1" "e" "e!1" "s" "s!1"))
                (("2" (skosimp)
                  (("2"
                    (lemma "eq_AExp"
                     ("n" "n!2" "a" "a2!1" "e" "e!1" "s" "s!1" "m"
                      "k1!1" "ac" "(null[Instruction], e1!1, s1!1)"))
                    (("2" (assert)
                      (("2" (flatten)
                        (("2" (replace -1)
                          (("2" (replace -2)
                            (("2" (replace -3)
                              (("2"
                                (hide -1 -2 -3 -4)
                                (("2"
                                  (inst
                                   -5
                                   "_"
                                   "e!1"
                                   "k1!1"
                                   "pn!1"
                                   "s!1")
                                  (("2"
                                    (replace -1)
                                    (("2"
                                      (case-replace "pn!1<=k1!1")
                                      (("1"
                                        (hide -3 -5 -8 -7)
                                        (("1"
                                          (expand "<=" -1)
                                          (("1"
                                            (split -1)
                                            (("1"
                                              (lemma
                                               "am.tr_add"
                                               ("k1"
                                                "pn!1"
                                                "k2"
                                                "k1!1-pn!1"
                                                "cf0"
                                                "(CA(a2!1), e!1, s!1)"
                                                "cf2"
                                                "(null[Instruction], cons(A(a2!1)(s!1), e!1), s!1)"))
                                              (("1"
                                                (assert)
                                                (("1"
                                                  (skosimp)
                                                  (("1"
                                                    (inst -6 "cf1!1")
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (lemma
                                                         "code_partial"
                                                         ("k"
                                                          "pn!1"
                                                          "c0"
                                                          "CA(a2!1)"
                                                          "c1"
                                                          "cf1!1`1"
                                                          "e0"
                                                          "e!1"
                                                          "e1"
                                                          "cf1!1`2"
                                                          "s0"
                                                          "s!1"
                                                          "s1"
                                                          "cf1!1`3"
                                                          "c2"
                                                          "append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))"
                                                          "e2"
                                                          "null[int]"))
                                                        (("1"
                                                          (rewrite
                                                           "append_null")
                                                          (("1"
                                                            (rewrite
                                                             "append_null")
                                                            (("1"
                                                              (rewrite
                                                               "append_assoc"
                                                               -1
                                                               :dir
                                                               rl)
                                                              (("1"
                                                                (case-replace
                                                                 "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                (("1"
                                                                  (replace
                                                                   -3)
                                                                  (("1"
                                                                    (name-replace
                                                                     "CF0"
                                                                     "(append(append(CA(a2!1), CA(a1!1)),
                 cons(BINARY(f!1), null[Instruction])),
          e!1, s!1)")
                                                                    (("1"
                                                                      (lemma
                                                                       "tr_eq"
                                                                       ("k"
                                                                        "pn!1"
                                                                        "cf0"
                                                                        "CF0"
                                                                        "cf1"
                                                                        "(append(cf1!1`1,
                 append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))),
          cf1!1`2, cf1!1`3)"
                                                                        "cf2"
                                                                        "ac!1"))
                                                                      (("1"
                                                                        (assert)
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil)
                                                                 ("2"
                                                                  (decompose-equality)
                                                                  nil
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2" (assert) nil nil))
                                              nil)
                                             ("2"
                                              (replace -1)
                                              (("2"
                                                (hide -4 -1 -3)
                                                (("2"
                                                  (lemma
                                                   "code_partial"
                                                   ("k"
                                                    "k1!1"
                                                    "c0"
                                                    "CA(a2!1)"
                                                    "e0"
                                                    "e!1"
                                                    "s0"
                                                    "s!1"
                                                    "c1"
                                                    "null[Instruction]"
                                                    "e1"
                                                    "cons(A(a2!1)(s!1), e!1)"
                                                    "s1"
                                                    "s!1"
                                                    "c2"
                                                    "append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))"
                                                    "e2"
                                                    "null[int]"))
                                                  (("2"
                                                    (rewrite
                                                     "append_null")
                                                    (("2"
                                                      (rewrite
                                                       "append_null")
                                                      (("2"
                                                        (replace -2)
                                                        (("2"
                                                          (rewrite
                                                           "append_assoc"
                                                           -1
                                                           :dir
                                                           rl)
                                                          (("2"
                                                            (name-replace
                                                             "CF0"
                                                             "(append(append(CA(a2!1), CA(a1!1)),
                   cons(BINARY(f!1), null[Instruction])),
            e!1, s!1)")
                                                            (("2"
                                                              (expand
                                                               "append"
                                                               -1
                                                               1)
                                                              (("2"
                                                                (lemma
                                                                 "am.tr_eq"
                                                                 ("cf0"
                                                                  "CF0"
                                                                  "cf1"
                                                                  "(append(CA(a1!1), cons(BINARY(f!1), null[Instruction])),
          cons(A(a2!1)(s!1), e!1), s!1)"
                                                                  "cf2"
                                                                  "ac!1"
                                                                  "k"
                                                                  "k1!1"))
                                                                (("2"
                                                                  (assert)
                                                                  (("2"
                                                                    (replace
                                                                     -1
                                                                     1
                                                                     rl)
                                                                    (("2"
                                                                      (assert)
                                                                      (("2"
                                                                        (expand
                                                                         "length"
                                                                         1
                                                                         1)
                                                                        (("2"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil)
                                       ("2"
                                        (case "pn!1>k1!1")
                                        (("1"
                                          (hide 1)
                                          (("1"
                                            (hide -6 -7)
                                            (("1"
                                              (lemma
                                               "code_split"
                                               ("k"
                                                "k2!1"
                                                "c1"
                                                "CA(a1!1)"
                                                "c2"
                                                "cons(BINARY(f!1), null[Instruction])"
                                                "e"
                                                "cons(A(a2!1)(s!1), e!1)"
                                                "s"
                                                "s!1"
                                                "e2"
                                                "cons(f!1(A(a1!1)(s!1), A(a2!1)(s!1)), e!1)"
                                                "s2"
                                                "s!1"))
                                              (("1"
                                                (assert)
                                                (("1"
                                                  (skosimp)
                                                  (("1"
                                                    (case-replace
                                                     "k2!2=1")
                                                    (("1"
                                                      (hide -1)
                                                      (("1"
                                                        (case
                                                         "am.tr
          (pn!1-k1!1)
          ((append(CA(a1!1), cons(BINARY(f!1), null[Instruction])),
            cons(A(a2!1)(s!1), e!1), s!1),
           ac!1)")
                                                        (("1"
                                                          (hide -11)
                                                          (("1"
                                                            (hide -6)
                                                            (("1"
                                                              (lemma
                                                               "correct_AExp"
                                                               ("a"
                                                                "a1!1"
                                                                "e"
                                                                "cons(A(a2!1)(s!1), e!1)"
                                                                "s"
                                                                "s!1"))
                                                              (("1"
                                                                (skosimp)
                                                                (("1"
                                                                  (lemma
                                                                   "eq_AExp"
                                                                   ("n"
                                                                    "n!3"
                                                                    "e"
                                                                    "cons(A(a2!1)(s!1), e!1)"
                                                                    "s"
                                                                    "s!1"
                                                                    "ac"
                                                                    "(null[Instruction], e1!2, s1!2)"
                                                                    "m"
                                                                    "k1!2"
                                                                    "a"
                                                                    "a1!1"))
                                                                  (("1"
                                                                    (replace
                                                                     -2)
                                                                    (("1"
                                                                      (replace
                                                                       -4)
                                                                      (("1"
                                                                        (simplify
                                                                         -1)
                                                                        (("1"
                                                                          (flatten)
                                                                          (("1"
                                                                            (replace
                                                                             -1)
                                                                            (("1"
                                                                              (replace
                                                                               -2)
                                                                              (("1"
                                                                                (replace
                                                                                 -3)
                                                                                (("1"
                                                                                  (hide
                                                                                   -1
                                                                                   -2
                                                                                   -3
                                                                                   -4)
                                                                                  (("1"
                                                                                    (inst
                                                                                     -
                                                                                     "_"
                                                                                     "cons(A(a2!1)(s!1), e!1)"
                                                                                     "k1!2"
                                                                                     "_"
                                                                                     "s!1")
                                                                                    (("1"
                                                                                      (replace
                                                                                       -2)
                                                                                      (("1"
                                                                                        (expand
                                                                                         "<="
                                                                                         -9)
                                                                                        (("1"
                                                                                          (split
                                                                                           -9)
                                                                                          (("1"
                                                                                            (inst
                                                                                             -
                                                                                             "_"
                                                                                             "pn!1-k1!1")
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (expand
                                                                                                 "length"
                                                                                                 -9
                                                                                                 2)
                                                                                                (("1"
                                                                                                  (name-replace
                                                                                                   "CF0"
                                                                                                   "(CA(a1!1), cons(A(a2!1)(s!1), e!1), s!1)")
                                                                                                  (("1"
                                                                                                    (hide
                                                                                                     -4
                                                                                                     -7)
                                                                                                    (("1"
                                                                                                      (lemma
                                                                                                       "tr_add"
                                                                                                       ("k1"
                                                                                                        "pn!1 - k1!1"
                                                                                                        "k2"
                                                                                                        "k1!2-(pn!1 - k1!1)"
                                                                                                        "cf0"
                                                                                                        "CF0"
                                                                                                        "cf2"
                                                                                                        "(null[Instruction], cons(A(a1!1)(s!1), cons(A(a2!1)(s!1), e!1)), s!1)"))
                                                                                                      (("1"
                                                                                                        (assert)
                                                                                                        (("1"
                                                                                                          (skosimp)
                                                                                                          (("1"
                                                                                                            (inst
                                                                                                             -
                                                                                                             "cf1!1")
                                                                                                            (("1"
                                                                                                              (assert)
                                                                                                              (("1"
                                                                                                                (expand
                                                                                                                 "CF0"
                                                                                                                 -1)
                                                                                                                (("1"
                                                                                                                  (lemma
                                                                                                                   "code_partial"
                                                                                                                   ("k"
                                                                                                                    "pn!1-k1!1"
                                                                                                                    "c0"
                                                                                                                    "CA(a1!1)"
                                                                                                                    "e0"
                                                                                                                    "cons(A(a2!1)(s!1), e!1)"
                                                                                                                    "s0"
                                                                                                                    "s!1"
                                                                                                                    "c1"
                                                                                                                    "cf1!1`1"
                                                                                                                    "e1"
                                                                                                                    "cf1!1`2"
                                                                                                                    "s1"
                                                                                                                    "cf1!1`3"
                                                                                                                    "c2"
                                                                                                                    "cons(BINARY(f!1), null[Instruction])"
                                                                                                                    "e2"
                                                                                                                    "null[int]"))
                                                                                                                  (("1"
                                                                                                                    (case-replace
                                                                                                                     "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                                                    (("1"
                                                                                                                      (replace
                                                                                                                       -3)
                                                                                                                      (("1"
                                                                                                                        (rewrite
                                                                                                                         "append_null")
                                                                                                                        (("1"
                                                                                                                          (rewrite
                                                                                                                           "append_null")
                                                                                                                          (("1"
                                                                                                                            (name-replace
                                                                                                                             "CF1"
                                                                                                                             "(append(CA(a1!1), cons(BINARY(f!1), null[Instruction])),
          cons(A(a2!1)(s!1), e!1), s!1)")
                                                                                                                            (("1"
                                                                                                                              (hide-all-but
                                                                                                                               (-2
                                                                                                                                -6
                                                                                                                                -11
                                                                                                                                1
                                                                                                                                -9))
                                                                                                                              (("1"
                                                                                                                                (lemma
                                                                                                                                 "tr_eq"
                                                                                                                                 ("k"
                                                                                                                                  "pn!1-k1!1"
                                                                                                                                  "cf0"
                                                                                                                                  "CF1"
                                                                                                                                  "cf1"
                                                                                                                                  "ac!1"
                                                                                                                                  "cf2"
                                                                                                                                  "(append(cf1!1`1, cons(BINARY(f!1), null[Instruction])), cf1!1`2,
          cf1!1`3)"))
                                                                                                                                (("1"
                                                                                                                                  (assert)
                                                                                                                                  nil
                                                                                                                                  nil))
                                                                                                                                nil))
                                                                                                                              nil))
                                                                                                                            nil))
                                                                                                                          nil))
                                                                                                                        nil))
                                                                                                                      nil)
                                                                                                                     ("2"
                                                                                                                      (decompose-equality)
                                                                                                                      nil
                                                                                                                      nil))
                                                                                                                    nil))
                                                                                                                  nil))
                                                                                                                nil))
                                                                                                              nil))
                                                                                                            nil))
                                                                                                          nil))
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil)
                                                                                           ("2"
                                                                                            (replace
                                                                                             -1
                                                                                             *
                                                                                             rl)
                                                                                            (("2"
                                                                                              (case-replace
                                                                                               "pn!1 - k1!1=k2!1")
                                                                                              (("1"
                                                                                                (name-replace
                                                                                                 "CF0"
                                                                                                 "(append(CA(a1!1), cons(BINARY(f!1), null[Instruction])),
            cons(A(a2!1)(s!1), e!1), s!1)")
                                                                                                (("1"
                                                                                                  (hide-all-but
                                                                                                   (-3
                                                                                                    -8
                                                                                                    1))
                                                                                                  (("1"
                                                                                                    (lemma
                                                                                                     "tr_eq"
                                                                                                     ("k"
                                                                                                      "k2!1"
                                                                                                      "cf0"
                                                                                                      "CF0"
                                                                                                      "cf1"
                                                                                                      "ac!1"
                                                                                                      "cf2"
                                                                                                      "(null[Instruction], cons(f!1(A(a1!1)(s!1), A(a2!1)(s!1)), e!1), s!1)"))
                                                                                                    (("1"
                                                                                                      (assert)
                                                                                                      (("1"
                                                                                                        (replace
                                                                                                         -1
                                                                                                         1)
                                                                                                        (("1"
                                                                                                          (assert)
                                                                                                          (("1"
                                                                                                            (expand
                                                                                                             "length"
                                                                                                             1
                                                                                                             1)
                                                                                                            (("1"
                                                                                                              (assert)
                                                                                                              nil
                                                                                                              nil))
                                                                                                            nil))
                                                                                                          nil))
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil)
                                                                                               ("2"
                                                                                                (assert)
                                                                                                nil
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil)
                                                         ("2"
                                                          (hide-all-but
                                                           (-4
                                                            -9
                                                            -10
                                                            1
                                                            -7
                                                            -5))
                                                          (("2"
                                                            (lemma
                                                             "tr_add"
                                                             ("k1"
                                                              "k1!1"
                                                              "k2"
                                                              "pn!1-k1!1"
                                                              "cf0"
                                                              "(append(CA(a2!1), append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))),
            e!1, s!1)"
                                                              "cf2"
                                                              "ac!1"))
                                                            (("2"
                                                              (assert)
                                                              (("2"
                                                                (skosimp)
                                                                (("2"
                                                                  (lemma
                                                                   "code_partial"
                                                                   ("k"
                                                                    "k1!1"
                                                                    "c0"
                                                                    "CA(a2!1)"
                                                                    "e0"
                                                                    "e!1"
                                                                    "s0"
                                                                    "s!1"
                                                                    "c1"
                                                                    "null[Instruction]"
                                                                    "e1"
                                                                    "cons(A(a2!1)(s!1), e!1)"
                                                                    "s1"
                                                                    "s!1"
                                                                    "c2"
                                                                    "append(CA(a1!1), cons(BINARY(f!1), null[Instruction]))"
                                                                    "e2"
                                                                    "null[int]"))
                                                                  (("2"
                                                                    (rewrite
                                                                     "append_null")
                                                                    (("2"
                                                                      (rewrite
                                                                       "append_null")
                                                                      (("2"
                                                                        (replace
                                                                         -5)
                                                                        (("2"
                                                                          (rewrite
                                                                           "append_assoc"
                                                                           -1
                                                                           :dir
                                                                           rl)
                                                                          (("2"
                                                                            (name-replace
                                                                             "CF0"
                                                                             "(append(append(CA(a2!1), CA(a1!1)),
                 cons(BINARY(f!1), null[Instruction])),
          e!1, s!1)")
                                                                            (("2"
                                                                              (expand
                                                                               "append"
                                                                               -1
                                                                               1)
                                                                              (("2"
                                                                                (lemma
                                                                                 "tr_eq"
                                                                                 ("k"
                                                                                  "k1!1"
                                                                                  "cf0"
                                                                                  "CF0"
                                                                                  "cf1"
                                                                                  "(append(CA(a1!1), cons(BINARY(f!1), null[Instruction])),
          cons(A(a2!1)(s!1), e!1), s!1)"
                                                                                  "cf2"
                                                                                  "cf1!1"))
                                                                                (("2"
                                                                                  (assert)
                                                                                  (("2"
                                                                                    (replace
                                                                                     -1
                                                                                     -4
                                                                                     rl)
                                                                                    (("2"
                                                                                      (propax)
                                                                                      nil
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (hide-all-but
                                                       (-2 1))
                                                      (("2"
                                                        (case-replace
                                                         "k2!2=0")
                                                        (("1"
                                                          (expand "tr")
                                                          (("1"
                                                            (propax)
                                                            nil
                                                            nil))
                                                          nil)
                                                         ("2"
                                                          (expand "tr")
                                                          (("2"
                                                            (expand
                                                             "step")
                                                            (("2"
                                                              (expand
                                                               "check2")
                                                              (("2"
                                                                (assert)
                                                                (("2"
                                                                  (flatten)
                                                                  (("2"
                                                                    (case-replace
                                                                     "null?(e1!2)")
                                                                    (("2"
                                                                      (case-replace
                                                                       "null?(cdr(e1!2))")
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (expand
                                                                           "pop")
                                                                          (("1"
                                                                            (expand
                                                                             "top")
                                                                            (("1"
                                                                              (expand
                                                                               "push")
                                                                              (("1"
                                                                                (expand
                                                                                 "tr")
                                                                                (("1"
                                                                                  (propax)
                                                                                  nil
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil)
                                                                       ("2"
                                                                        (assert)
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2" (assert) nil nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((code_split formula-decl nil am nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (tr_add formula-decl nil am nil)
    (append_null formula-decl nil list_props nil)
    (append_assoc formula-decl nil list_props nil)
    (tr_eq formula-decl nil am nil)
    (code_partial formula-decl nil am nil)
    (real_lt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (check2 const-decl "bool" am nil)
    (cdr adt-accessor-decl "[(cons?) -> list]" list_adt nil)
    (pop const-decl "Stack" am nil) (top const-decl "int" am nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (CF0 skolem-const-decl "[Code[V], (cons?), State[V]]" bisimulation
     nil)
    (minus_odd_is_odd application-judgement "odd_int" integers nil)
    (real_gt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (eq_AExp formula-decl nil bisimulation nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (AExp_induction formula-decl nil AExp nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (push const-decl "Stack" am nil) (step const-decl "Config" am nil)
    (real_le_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (int_plus_int_is_int application-judgement "int" integers nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (AExp type-decl nil AExp nil)
    (number nonempty-type-decl nil numbers nil)
    (boolean nonempty-type-decl nil booleans nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (real nonempty-type-from-decl nil reals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (int nonempty-type-eq-decl nil integers nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (Instruction type-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (PRED type-eq-decl nil defined_types nil)
    (every adt-def-decl "boolean" list_adt nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (Config nonempty-type-eq-decl nil am nil)
    (>= const-decl "bool" reals nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (nonneg_int nonempty-type-eq-decl nil integers nil)
    (> const-decl "bool" reals nil)
    (posnat nonempty-type-eq-decl nil integers nil)
    (tr def-decl "bool" am nil) (CA def-decl "Code" compiler nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (A def-decl "[State -> int]" AExp nil)
    (<= const-decl "bool" reals nil)
    (length def-decl "nat" list_props nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (append def-decl "list[T]" list_props nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil))
   shostak))
 (eq_BExp 0
  (eq_BExp-1 nil 3399387180
   ("" (skosimp*)
    (("" (lemma "trich_lt" ("x" "m!1" "y" "n!1"))
      (("" (split -1)
        (("1"
          (lemma "tr_add"
           ("k1" "m!1" "k2" "n!1-m!1" "cf0" "(CB(b!1), e!1, s!1)" "cf2"
            "(null[Instruction], cons(b2n(B(b!1)(s!1)), e!1), s!1)"))
          (("1" (assert)
            (("1" (skosimp)
              (("1"
                (lemma "tr_eq"
                 ("k" "m!1" "cf0" "(CB(b!1), e!1, s!1)" "cf1" "cf1!1"
                  "cf2" "ac!1"))
                (("1" (assert)
                  (("1" (replace -1)
                    (("1" (expand "tr" -3) (("1" (propax) nil nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert) nil nil))
          nil)
         ("2" (replace -1)
          (("2"
            (lemma "tr_eq"
             ("k" "n!1" "cf0" "(CB(b!1), e!1, s!1)" "cf1" "ac!1" "cf2"
              "(null[Instruction], cons(b2n(B(b!1)(s!1)), e!1), s!1)"))
            (("2" (assert) nil nil)) nil))
          nil)
         ("3"
          (lemma "tr_add"
           ("k1" "n!1" "k2" "m!1-n!1" "cf0" "(CB(b!1), e!1, s!1)" "cf2"
            "ac!1"))
          (("1" (assert)
            (("1" (skosimp)
              (("1"
                (lemma "tr_eq"
                 ("k" "n!1" "cf0" "(CB(b!1), e!1, s!1)" "cf1" "cf1!1"
                  "cf2"
                  "(null[Instruction], cons(b2n(B(b!1)(s!1)), e!1), s!1)"))
                (("1" (assert)
                  (("1" (replace -1)
                    (("1" (expand "tr" -3) (("1" (propax) nil nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (assert) nil nil))
          nil))
        nil))
      nil))
    nil)
   ((nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (boolean nonempty-type-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil)
    (trich_lt formula-decl nil real_props nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (B def-decl "[State -> bool]" BExp nil)
    (b2n const-decl "nbit" bit nil) (nbit type-eq-decl nil bit nil)
    (< const-decl "bool" reals nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CB def-decl "Code" compiler nil) (BExp type-decl nil BExp nil)
    (Config nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (tr_add formula-decl nil am nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (tr def-decl "bool" am nil) (tr_eq formula-decl nil am nil)
    (real_lt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (int_plus_int_is_int application-judgement "int" integers nil))
   shostak))
 (BExp_steps 0
  (BExp_steps-1 nil 3399387606
   ("" (skosimp*)
    (("" (case-replace "n!1=0")
      (("1" (lemma "nonnull_CB" ("b" "b!1"))
        (("1" (expand "tr")
          (("1" (flatten) (("1" (assert) nil nil)) nil)) nil))
        nil)
       ("2" (assert) nil nil))
      nil))
    nil)
   ((number nonempty-type-decl nil numbers nil)
    (boolean nonempty-type-decl nil booleans nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (real nonempty-type-from-decl nil reals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (int nonempty-type-eq-decl nil integers nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (>= const-decl "bool" reals nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (tr def-decl "bool" am nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (BExp type-decl nil BExp nil)
    (nonnull_CB formula-decl nil compiler nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil))
   shostak))
 (BExp_e 0
  (BExp_e-1 nil 3399401505
   ("" (induct "b")
    (("1" (skosimp*)
      (("1" (expand "CB")
        (("1" (expand "tr")
          (("1" (case-replace "n!1=0")
            (("1" (case-replace "n!1=1")
              (("1" (assert)
                (("1" (flatten)
                  (("1" (expand "step")
                    (("1" (expand "B")
                      (("1" (expand "push")
                        (("1" (expand "tr")
                          (("1" (assert)
                            (("1" (replace -3 * rl)
                              (("1"
                                (assert)
                                (("1"
                                  (expand "length" 4 1)
                                  (("1" (assert) nil nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil)
               ("2" (assert)
                (("2" (expand "step")
                  (("2" (expand "push")
                    (("2" (expand "B")
                      (("2" (expand "tr") (("2" (propax) nil nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (skosimp*)
      (("2" (expand "CB")
        (("2" (expand "B")
          (("2" (expand "tr")
            (("2" (expand "step")
              (("2" (expand "tr")
                (("2" (expand "push")
                  (("2" (prop)
                    (("2" (replace -2 * rl)
                      (("2" (assert)
                        (("2" (expand "length" 2 1)
                          (("2" (assert) nil nil)) nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("3" (skolem + ("a!1" "a!2"))
      (("3" (skosimp)
        (("3" (expand "CB")
          (("3" (expand "B")
            (("3"
              (lemma "correct_AExp" ("a" "a!2" "e" "e!1" "s" "s!1"))
              (("3" (skosimp)
                (("3"
                  (lemma "correct_AExp"
                   ("a" "a!1" "e" "cons(A(a!2)(s!1), e!1)" "s" "s!1"))
                  (("3" (skosimp)
                    (("3"
                      (lemma "code_split"
                       ("c1" "CA(a!2)" "c2" "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i = j)), null[Instruction]))"
                        "e" "e!1" "s" "s!1" "e2"
                        "cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1)"
                        "s2" "s!1" "k" "n!1"))
                      (("3" (assert)
                        (("3" (skosimp)
                          (("3"
                            (lemma "eq_AExp"
                             ("a" "a!2" "e" "e!1" "s" "s!1" "ac"
                              "(null[Instruction], e1!1, s1!1)" "n"
                              "n!2" "m" "k1!1"))
                            (("3" (assert)
                              (("3"
                                (flatten)
                                (("3"
                                  (replace -1)
                                  (("3"
                                    (replace -2)
                                    (("3"
                                      (replace -3)
                                      (("3"
                                        (hide -1 -2 -3 -8)
                                        (("3"
                                          (lemma
                                           "code_split"
                                           ("c1"
                                            "CA(a!1)"
                                            "c2"
                                            "cons(BINARY(LAMBDA (i, j: int): b2n(i = j)),
                      null[Instruction])"
                                            "e"
                                            "cons(A(a!2)(s!1), e!1)"
                                            "s"
                                            "s!1"
                                            "e2"
                                            "cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1)"
                                            "s2"
                                            "s!1"
                                            "k"
                                            "k2!1"))
                                          (("3"
                                            (assert)
                                            (("3"
                                              (skosimp)
                                              (("3"
                                                (case-replace "k2!2=1")
                                                (("1"
                                                  (hide -1)
                                                  (("1"
                                                    (lemma
                                                     "eq_AExp"
                                                     ("n"
                                                      "n!3"
                                                      "a"
                                                      "a!1"
                                                      "e"
                                                      "cons(A(a!2)(s!1), e!1)"
                                                      "s"
                                                      "s!1"
                                                      "m"
                                                      "k1!2"
                                                      "ac"
                                                      "(null[Instruction], e1!2, s1!2)"))
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (flatten)
                                                        (("1"
                                                          (replace -1)
                                                          (("1"
                                                            (replace
                                                             -2)
                                                            (("1"
                                                              (replace
                                                               -3)
                                                              (("1"
                                                                (hide
                                                                 -10
                                                                 -1
                                                                 -2
                                                                 -3)
                                                                (("1"
                                                                  (case
                                                                   "pn!1<=k1!1")
                                                                  (("1"
                                                                    (hide-all-but
                                                                     (-1
                                                                      -5
                                                                      -10
                                                                      1))
                                                                    (("1"
                                                                      (lemma
                                                                       "tr_add"
                                                                       ("k1"
                                                                        "pn!1"
                                                                        "k2"
                                                                        "k1!1-pn!1"
                                                                        "cf0"
                                                                        "(CA(a!2), e!1, s!1)"
                                                                        "cf2"
                                                                        "(null[Instruction], cons(A(a!2)(s!1), e!1), s!1)"))
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (skosimp)
                                                                          (("1"
                                                                            (lemma
                                                                             "code_partial"
                                                                             ("c0"
                                                                              "CA(a!2)"
                                                                              "e0"
                                                                              "e!1"
                                                                              "s0"
                                                                              "s!1"
                                                                              "c1"
                                                                              "cf1!1`1"
                                                                              "e1"
                                                                              "cf1!1`2"
                                                                              "s1"
                                                                              "cf1!1`3"
                                                                              "c2"
                                                                              "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i = j)), null[Instruction]))"
                                                                              "e2"
                                                                              "null[int]"
                                                                              "k"
                                                                              "pn!1"))
                                                                            (("1"
                                                                              (case-replace
                                                                               "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                              (("1"
                                                                                (assert)
                                                                                (("1"
                                                                                  (rewrite
                                                                                   "append_null")
                                                                                  (("1"
                                                                                    (rewrite
                                                                                     "append_null")
                                                                                    (("1"
                                                                                      (name-replace
                                                                                       "CF0"
                                                                                       "(append(CA(a!2),
                 append(CA(a!1),
                        cons(BINARY(LAMBDA (i, j: int): b2n(i = j)),
                             null[Instruction]))),
          e!1, s!1)")
                                                                                      (("1"
                                                                                        (lemma
                                                                                         "tr_eq"
                                                                                         ("k"
                                                                                          "pn!1"
                                                                                          "cf0"
                                                                                          "CF0"
                                                                                          "cf1"
                                                                                          "(append(cf1!1`1,
                 append(CA(a!1),
                        cons(BINARY(LAMBDA
                                    (i_1, j_1: int):
                                    b2n(i_1 = j_1)),
                             null[Instruction]))),
          cf1!1`2, cf1!1`3)"
                                                                                          "cf2"
                                                                                          "ac!1"))
                                                                                        (("1"
                                                                                          (assert)
                                                                                          (("1"
                                                                                            (replace
                                                                                             -1
                                                                                             1
                                                                                             rl)
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (hide-all-but
                                                                                                 (-4
                                                                                                  -6
                                                                                                  -7
                                                                                                  1))
                                                                                                (("1"
                                                                                                  (lemma
                                                                                                   "AExp_e"
                                                                                                   ("n"
                                                                                                    "k1!1"
                                                                                                    "a"
                                                                                                    "a!2"
                                                                                                    "e"
                                                                                                    "e!1"
                                                                                                    "s"
                                                                                                    "s!1"
                                                                                                    "pn"
                                                                                                    "pn!1"
                                                                                                    "ac"
                                                                                                    "cf1!1"))
                                                                                                  (("1"
                                                                                                    (assert)
                                                                                                    nil
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil)
                                                                               ("2"
                                                                                (decompose-equality)
                                                                                nil
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil)
                                                                       ("2"
                                                                        (assert)
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil)
                                                                   ("2"
                                                                    (case
                                                                     "k1!1+1 <= pn!1")
                                                                    (("1"
                                                                      (hide
                                                                       1)
                                                                      (("1"
                                                                        (replace
                                                                         -4
                                                                         *
                                                                         rl)
                                                                        (("1"
                                                                          (replace
                                                                           -7
                                                                           *
                                                                           rl)
                                                                          (("1"
                                                                            (assert)
                                                                            (("1"
                                                                              (hide
                                                                               -4
                                                                               -7)
                                                                              (("1"
                                                                                (expand
                                                                                 "<="
                                                                                 -7)
                                                                                (("1"
                                                                                  (split
                                                                                   -7)
                                                                                  (("1"
                                                                                    (lemma
                                                                                     "AExp_e"
                                                                                     ("n"
                                                                                      "k1!2"
                                                                                      "a"
                                                                                      "a!1"
                                                                                      "e"
                                                                                      "cons(A(a!2)(s!1), e!1)"
                                                                                      "s"
                                                                                      "s!1"
                                                                                      "pn"
                                                                                      "pn!1-k1!1"))
                                                                                    (("1"
                                                                                      (replace
                                                                                       -4)
                                                                                      (("1"
                                                                                        (expand
                                                                                         "length"
                                                                                         -1
                                                                                         2)
                                                                                        (("1"
                                                                                          (assert)
                                                                                          (("1"
                                                                                            (lemma
                                                                                             "tr_add"
                                                                                             ("k1"
                                                                                              "pn!1-k1!1"
                                                                                              "k2"
                                                                                              "k1!1+k1!2-pn!1"
                                                                                              "cf0"
                                                                                              "(CA(a!1), cons(A(a!2)(s!1), e!1), s!1)"
                                                                                              "cf2"
                                                                                              "(null[Instruction], cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1)), s!1)"))
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (skosimp)
                                                                                                (("1"
                                                                                                  (inst
                                                                                                   -3
                                                                                                   "cf1!1")
                                                                                                  (("1"
                                                                                                    (assert)
                                                                                                    (("1"
                                                                                                      (hide
                                                                                                       -2)
                                                                                                      (("1"
                                                                                                        (lemma
                                                                                                         "code_partial"
                                                                                                         ("c0"
                                                                                                          "CA(a!2)"
                                                                                                          "e0"
                                                                                                          "e!1"
                                                                                                          "s0"
                                                                                                          "s!1"
                                                                                                          "c1"
                                                                                                          "null[Instruction]"
                                                                                                          "e1"
                                                                                                          "cons(A(a!2)(s!1), e!1)"
                                                                                                          "s1"
                                                                                                          "s!1"
                                                                                                          "c2"
                                                                                                          "append(CA(a!1),
                 cons(BINARY(LAMBDA (i, j: int): b2n(i = j)),
                      null[Instruction]))"
                                                                                                          "e2"
                                                                                                          "null[int]"
                                                                                                          "k"
                                                                                                          "k1!1"))
                                                                                                        (("1"
                                                                                                          (assert)
                                                                                                          (("1"
                                                                                                            (rewrite
                                                                                                             "append_null")
                                                                                                            (("1"
                                                                                                              (rewrite
                                                                                                               "append_null")
                                                                                                              (("1"
                                                                                                                (expand
                                                                                                                 "append"
                                                                                                                 -1
                                                                                                                 3)
                                                                                                                (("1"
                                                                                                                  (hide
                                                                                                                   -7
                                                                                                                   -9
                                                                                                                   -10)
                                                                                                                  (("1"
                                                                                                                    (lemma
                                                                                                                     "code_partial"
                                                                                                                     ("c0"
                                                                                                                      "CA(a!1)"
                                                                                                                      "e0"
                                                                                                                      "cons(A(a!2)(s!1), e!1)"
                                                                                                                      "s0"
                                                                                                                      "s!1"
                                                                                                                      "c1"
                                                                                                                      "cf1!1`1"
                                                                                                                      "e1"
                                                                                                                      "cf1!1`2"
                                                                                                                      "s1"
                                                                                                                      "cf1!1`3"
                                                                                                                      "c2"
                                                                                                                      "cons(BINARY(LAMBDA (i, j: int): b2n(i = j)),
                             null[Instruction])"
                                                                                                                      "e2"
                                                                                                                      "null[int]"
                                                                                                                      "k"
                                                                                                                      "pn!1-k1!1"))
                                                                                                                    (("1"
                                                                                                                      (case-replace
                                                                                                                       "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                                                      (("1"
                                                                                                                        (replace
                                                                                                                         -4)
                                                                                                                        (("1"
                                                                                                                          (rewrite
                                                                                                                           "append_null")
                                                                                                                          (("1"
                                                                                                                            (rewrite
                                                                                                                             "append_null")
                                                                                                                            (("1"
                                                                                                                              (hide
                                                                                                                               -1)
                                                                                                                              (("1"
                                                                                                                                (name-replace
                                                                                                                                 "CODE1"
                                                                                                                                 "append(CA(a!1),
                 cons(BINARY(LAMBDA (i, j: int): b2n(i = j)),
                      null[Instruction]))")
                                                                                                                                (("1"
                                                                                                                                  (hide
                                                                                                                                   -3
                                                                                                                                   -8
                                                                                                                                   -7)
                                                                                                                                  (("1"
                                                                                                                                    (lemma
                                                                                                                                     "tr_add"
                                                                                                                                     ("k1"
                                                                                                                                      "k1!1"
                                                                                                                                      "k2"
                                                                                                                                      "pn!1-k1!1"
                                                                                                                                      "cf0"
                                                                                                                                      "(append(CA(a!2), CODE1), e!1, s!1)"
                                                                                                                                      "cf2"
                                                                                                                                      "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 = j_1)),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"))
                                                                                                                                    (("1"
                                                                                                                                      (flatten
                                                                                                                                       -1)
                                                                                                                                      (("1"
                                                                                                                                        (hide
                                                                                                                                         -1)
                                                                                                                                        (("1"
                                                                                                                                          (split)
                                                                                                                                          (("1"
                                                                                                                                            (assert)
                                                                                                                                            (("1"
                                                                                                                                              (lemma
                                                                                                                                               "tr_eq"
                                                                                                                                               ("k"
                                                                                                                                                "pn!1"
                                                                                                                                                "cf0"
                                                                                                                                                "(append(CA(a!2), CODE1), e!1, s!1)"
                                                                                                                                                "cf1"
                                                                                                                                                "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 = j_1)),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"
                                                                                                                                                "cf2"
                                                                                                                                                "ac!1"))
                                                                                                                                              (("1"
                                                                                                                                                (assert)
                                                                                                                                                nil
                                                                                                                                                nil))
                                                                                                                                              nil))
                                                                                                                                            nil)
                                                                                                                                           ("2"
                                                                                                                                            (inst
                                                                                                                                             +
                                                                                                                                             "(CODE1, cons(A(a!2)(s!1), e!1), s!1)")
                                                                                                                                            (("2"
                                                                                                                                              (assert)
                                                                                                                                              nil
                                                                                                                                              nil))
                                                                                                                                            nil))
                                                                                                                                          nil))
                                                                                                                                        nil))
                                                                                                                                      nil))
                                                                                                                                    nil))
                                                                                                                                  nil))
                                                                                                                                nil))
                                                                                                                              nil))
                                                                                                                            nil))
                                                                                                                          nil))
                                                                                                                        nil)
                                                                                                                       ("2"
                                                                                                                        (decompose-equality)
                                                                                                                        nil
                                                                                                                        nil))
                                                                                                                      nil))
                                                                                                                    nil))
                                                                                                                  nil))
                                                                                                                nil))
                                                                                                              nil))
                                                                                                            nil))
                                                                                                          nil))
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil)
                                                                                   ("2"
                                                                                    (replace
                                                                                     -1)
                                                                                    (("2"
                                                                                      (name-replace
                                                                                       "NN"
                                                                                       "1 + k1!1 + k1!2")
                                                                                      (("2"
                                                                                        (hide-all-but
                                                                                         (-7
                                                                                          -8
                                                                                          1))
                                                                                        (("2"
                                                                                          (name-replace
                                                                                           "CF0"
                                                                                           "(append(CA(a!2),
                   append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i = j)), null[Instruction]))),
            e!1, s!1)")
                                                                                          (("2"
                                                                                            (lemma
                                                                                             "tr_eq"
                                                                                             ("k"
                                                                                              "NN"
                                                                                              "cf0"
                                                                                              "CF0"
                                                                                              "cf1"
                                                                                              "(null[Instruction], cons(b2n(A(a!1)(s!1) = A(a!2)(s!1)), e!1), s!1)"
                                                                                              "cf2"
                                                                                              "ac!1"))
                                                                                            (("2"
                                                                                              (assert)
                                                                                              (("2"
                                                                                                (replace
                                                                                                 -1
                                                                                                 *
                                                                                                 rl)
                                                                                                (("2"
                                                                                                  (assert)
                                                                                                  (("2"
                                                                                                    (expand
                                                                                                     "length"
                                                                                                     1
                                                                                                     1)
                                                                                                    (("2"
                                                                                                      (assert)
                                                                                                      nil
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil)
                                                                     ("2"
                                                                      (assert)
                                                                      nil
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (hide-all-but (-2 1))
                                                  (("2"
                                                    (case-replace
                                                     "k2!2=0")
                                                    (("1"
                                                      (expand "tr")
                                                      (("1"
                                                        (propax)
                                                        nil
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (expand "tr")
                                                      (("2"
                                                        (expand "step")
                                                        (("2"
                                                          (expand
                                                           "check2")
                                                          (("2"
                                                            (assert)
                                                            (("2"
                                                              (flatten)
                                                              (("2"
                                                                (expand
                                                                 "push")
                                                                (("2"
                                                                  (expand
                                                                   "pop")
                                                                  (("2"
                                                                    (expand
                                                                     "top")
                                                                    (("2"
                                                                      (case-replace
                                                                       "null?(e1!2)")
                                                                      (("2"
                                                                        (case-replace
                                                                         "null?(cdr(e1!2))")
                                                                        (("1"
                                                                          (assert)
                                                                          (("1"
                                                                            (expand
                                                                             "tr")
                                                                            (("1"
                                                                              (propax)
                                                                              nil
                                                                              nil))
                                                                            nil))
                                                                          nil)
                                                                         ("2"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("a!1" "a!2"))
      (("4" (skosimp)
        (("4" (expand "CB")
          (("4" (expand "B")
            (("4"
              (lemma "code_split"
               ("k" "n!1" "c1" "CA(a!2)" "c2" "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null[Instruction]))"
                "e" "e!1" "s" "s!1" "e2"
                "cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1)" "s2"
                "s!1"))
              (("4" (assert)
                (("4" (skosimp)
                  (("4"
                    (lemma "correct_AExp"
                     ("a" "a!2" "e" "e!1" "s" "s!1"))
                    (("4" (skosimp)
                      (("4"
                        (lemma "eq_AExp"
                         ("n" "n!2" "a" "a!2" "e" "e!1" "s" "s!1" "ac"
                          "(null[Instruction], e1!1, s1!1)" "m"
                          "k1!1"))
                        (("4" (assert)
                          (("4" (flatten)
                            (("4" (replace -1)
                              (("4"
                                (replace -2)
                                (("4"
                                  (replace -3)
                                  (("4"
                                    (hide -1 -2 -3 -4)
                                    (("4"
                                      (expand "<=" -5)
                                      (("4"
                                        (split -5)
                                        (("1"
                                          (hide -5)
                                          (("1"
                                            (case "pn!1<=k1!1")
                                            (("1"
                                              (hide -2 -4)
                                              (("1"
                                                (lemma
                                                 "tr_add"
                                                 ("k1"
                                                  "pn!1"
                                                  "k2"
                                                  "k1!1-pn!1"
                                                  "cf0"
                                                  "(CA(a!2), e!1, s!1)"
                                                  "cf2"
                                                  "(null[Instruction], cons(A(a!2)(s!1), e!1), s!1)"))
                                                (("1"
                                                  (assert)
                                                  (("1"
                                                    (skosimp)
                                                    (("1"
                                                      (hide -2)
                                                      (("1"
                                                        (lemma
                                                         "AExp_e"
                                                         ("n"
                                                          "k1!1"
                                                          "a"
                                                          "a!2"
                                                          "e"
                                                          "e!1"
                                                          "s"
                                                          "s!1"
                                                          "pn"
                                                          "pn!1"
                                                          "ac"
                                                          "cf1!1"))
                                                        (("1"
                                                          (assert)
                                                          (("1"
                                                            (lemma
                                                             "code_partial"
                                                             ("k"
                                                              "pn!1"
                                                              "c0"
                                                              "CA(a!2)"
                                                              "e0"
                                                              "e!1"
                                                              "s0"
                                                              "s!1"
                                                              "c1"
                                                              "cf1!1`1"
                                                              "e1"
                                                              "cf1!1`2"
                                                              "s1"
                                                              "cf1!1`3"
                                                              "c2"
                                                              "append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null[Instruction]))"
                                                              "e2"
                                                              "null[int]"))
                                                            (("1"
                                                              (case-replace
                                                               "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (rewrite
                                                                   "append_null")
                                                                  (("1"
                                                                    (rewrite
                                                                     "append_null")
                                                                    (("1"
                                                                      (name-replace
                                                                       "CF0"
                                                                       "(append(CA(a!2),
                 append(CA(a!1),
                        cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)),
                             null[Instruction]))),
          e!1, s!1)")
                                                                      (("1"
                                                                        (lemma
                                                                         "tr_eq"
                                                                         ("k"
                                                                          "pn!1"
                                                                          "cf0"
                                                                          "CF0"
                                                                          "cf1"
                                                                          "(append(cf1!1`1,
                 append(CA(a!1),
                        cons(BINARY(LAMBDA
                                    (i_1, j_1: int):
                                    b2n(i_1 <= j_1)),
                             null[Instruction]))),
          cf1!1`2, cf1!1`3)"
                                                                          "cf2"
                                                                          "ac!1"))
                                                                        (("1"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil)
                                                               ("2"
                                                                (decompose-equality)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (assert)
                                                  nil
                                                  nil))
                                                nil))
                                              nil)
                                             ("2"
                                              (case "k1!1+1<=pn!1")
                                              (("1"
                                                (hide 1)
                                                (("1"
                                                  (lemma
                                                   "code_split"
                                                   ("k"
                                                    "k2!1"
                                                    "c1"
                                                    "CA(a!1)"
                                                    "c2"
                                                    "cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)), null[Instruction])"
                                                    "e"
                                                    "cons(A(a!2)(s!1), e!1)"
                                                    "s"
                                                    "s!1"
                                                    "e2"
                                                    "cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1)"
                                                    "s2"
                                                    "s!1"))
                                                  (("1"
                                                    (assert)
                                                    (("1"
                                                      (skosimp)
                                                      (("1"
                                                        (case-replace
                                                         "k2!2=1")
                                                        (("1"
                                                          (hide
                                                           -1
                                                           -3
                                                           -8)
                                                          (("1"
                                                            (lemma
                                                             "correct_AExp"
                                                             ("a"
                                                              "a!1"
                                                              "e"
                                                              "cons(A(a!2)(s!1), e!1)"
                                                              "s"
                                                              "s!1"))
                                                            (("1"
                                                              (skosimp)
                                                              (("1"
                                                                (lemma
                                                                 "eq_AExp"
                                                                 ("a"
                                                                  "a!1"
                                                                  "n"
                                                                  "n!3"
                                                                  "e"
                                                                  "cons(A(a!2)(s!1), e!1)"
                                                                  "s"
                                                                  "s!1"
                                                                  "ac"
                                                                  "(null[Instruction], e1!2, s1!2)"
                                                                  "m"
                                                                  "k1!2"))
                                                                (("1"
                                                                  (assert)
                                                                  (("1"
                                                                    (flatten)
                                                                    (("1"
                                                                      (replace
                                                                       -2)
                                                                      (("1"
                                                                        (replace
                                                                         -3)
                                                                        (("1"
                                                                          (hide
                                                                           -1
                                                                           -2
                                                                           -3
                                                                           -4)
                                                                          (("1"
                                                                            (lemma
                                                                             "tr_add"
                                                                             ("k1"
                                                                              "pn!1-k1!1"
                                                                              "k2"
                                                                              "k1!1+k1!2-pn!1"
                                                                              "cf0"
                                                                              "(CA(a!1), cons(A(a!2)(s!1), e!1), s!1)"
                                                                              "cf2"
                                                                              "(null[Instruction], cons(A(a!1)(s!1), cons(A(a!2)(s!1), e!1)), s!1)"))
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (skosimp)
                                                                                (("1"
                                                                                  (lemma
                                                                                   "AExp_e"
                                                                                   ("n"
                                                                                    "k1!2"
                                                                                    "a"
                                                                                    "a!1"
                                                                                    "e"
                                                                                    "cons(A(a!2)(s!1), e!1)"
                                                                                    "s"
                                                                                    "s!1"
                                                                                    "pn"
                                                                                    "pn!1 - k1!1"
                                                                                    "ac"
                                                                                    "cf1!1"))
                                                                                  (("1"
                                                                                    (assert)
                                                                                    (("1"
                                                                                      (expand
                                                                                       "length"
                                                                                       -1
                                                                                       2)
                                                                                      (("1"
                                                                                        (hide
                                                                                         -4
                                                                                         -3)
                                                                                        (("1"
                                                                                          (lemma
                                                                                           "code_partial"
                                                                                           ("k"
                                                                                            "pn!1-k1!1"
                                                                                            "c0"
                                                                                            "CA(a!1)"
                                                                                            "e0"
                                                                                            "cons(A(a!2)(s!1), e!1)"
                                                                                            "s0"
                                                                                            "s!1"
                                                                                            "c1"
                                                                                            "cf1!1`1"
                                                                                            "e1"
                                                                                            "cf1!1`2"
                                                                                            "s1"
                                                                                            "cf1!1`3"
                                                                                            "c2"
                                                                                            "cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null[Instruction])"
                                                                                            "e2"
                                                                                            "null[int]"))
                                                                                          (("1"
                                                                                            (case-replace
                                                                                             "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (rewrite
                                                                                                 "append_null")
                                                                                                (("1"
                                                                                                  (rewrite
                                                                                                   "append_null")
                                                                                                  (("1"
                                                                                                    (name-replace
                                                                                                     "CODE1"
                                                                                                     "append(CA(a!1),
                 cons(BINARY(LAMBDA (i, j: int): b2n(i <= j)),
                      null[Instruction]))")
                                                                                                    (("1"
                                                                                                      (hide
                                                                                                       -1
                                                                                                       -4)
                                                                                                      (("1"
                                                                                                        (lemma
                                                                                                         "tr_add"
                                                                                                         ("k1"
                                                                                                          "k1!1"
                                                                                                          "k2"
                                                                                                          "pn!1-k1!1"
                                                                                                          "cf0"
                                                                                                          "(append(CA(a!2), CODE1), e!1, s!1)"
                                                                                                          "cf2"
                                                                                                          "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 <= j_1)),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"))
                                                                                                        (("1"
                                                                                                          (flatten
                                                                                                           -1)
                                                                                                          (("1"
                                                                                                            (hide
                                                                                                             -1)
                                                                                                            (("1"
                                                                                                              (split
                                                                                                               -1)
                                                                                                              (("1"
                                                                                                                (assert)
                                                                                                                (("1"
                                                                                                                  (lemma
                                                                                                                   "tr_eq"
                                                                                                                   ("k"
                                                                                                                    "pn!1"
                                                                                                                    "cf0"
                                                                                                                    "(append(CA(a!2), CODE1), e!1, s!1)"
                                                                                                                    "cf1"
                                                                                                                    "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): b2n(i_1 <= j_1)),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"
                                                                                                                    "cf2"
                                                                                                                    "ac!1"))
                                                                                                                  (("1"
                                                                                                                    (assert)
                                                                                                                    nil
                                                                                                                    nil))
                                                                                                                  nil))
                                                                                                                nil)
                                                                                                               ("2"
                                                                                                                (inst
                                                                                                                 +
                                                                                                                 "(CODE1, cons(A(a!2)(s!1), e!1), s!1)")
                                                                                                                (("2"
                                                                                                                  (assert)
                                                                                                                  (("2"
                                                                                                                    (hide-all-but
                                                                                                                     (-6
                                                                                                                      1))
                                                                                                                    (("2"
                                                                                                                      (lemma
                                                                                                                       "code_partial"
                                                                                                                       ("k"
                                                                                                                        "k1!1"
                                                                                                                        "c0"
                                                                                                                        "CA(a!2)"
                                                                                                                        "e0"
                                                                                                                        "e!1"
                                                                                                                        "s0"
                                                                                                                        "s!1"
                                                                                                                        "c1"
                                                                                                                        "null[Instruction]"
                                                                                                                        "e1"
                                                                                                                        "cons(A(a!2)(s!1), e!1)"
                                                                                                                        "s1"
                                                                                                                        "s!1"
                                                                                                                        "c2"
                                                                                                                        "CODE1"
                                                                                                                        "e2"
                                                                                                                        "null[int]"))
                                                                                                                      (("2"
                                                                                                                        (rewrite
                                                                                                                         "append_null")
                                                                                                                        (("2"
                                                                                                                          (rewrite
                                                                                                                           "append_null")
                                                                                                                          (("2"
                                                                                                                            (replace
                                                                                                                             -2)
                                                                                                                            (("2"
                                                                                                                              (expand
                                                                                                                               "append"
                                                                                                                               -1
                                                                                                                               2)
                                                                                                                              (("2"
                                                                                                                                (propax)
                                                                                                                                nil
                                                                                                                                nil))
                                                                                                                              nil))
                                                                                                                            nil))
                                                                                                                          nil))
                                                                                                                        nil))
                                                                                                                      nil))
                                                                                                                    nil))
                                                                                                                  nil))
                                                                                                                nil))
                                                                                                              nil))
                                                                                                            nil))
                                                                                                          nil))
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil)
                                                                                             ("2"
                                                                                              (decompose-equality)
                                                                                              nil
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil)
                                                         ("2"
                                                          (hide-all-but
                                                           (-2 1))
                                                          (("2"
                                                            (expand
                                                             "tr")
                                                            (("2"
                                                              (expand
                                                               "step")
                                                              (("2"
                                                                (expand
                                                                 "check2")
                                                                (("2"
                                                                  (expand
                                                                   "push")
                                                                  (("2"
                                                                    (expand
                                                                     "top")
                                                                    (("2"
                                                                      (expand
                                                                       "pop")
                                                                      (("2"
                                                                        (prop)
                                                                        (("2"
                                                                          (case-replace
                                                                           "null?(e1!2)")
                                                                          (("2"
                                                                            (case-replace
                                                                             "null?(cdr(e1!2))")
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (expand
                                                                                 "tr")
                                                                                (("1"
                                                                                  (propax)
                                                                                  nil
                                                                                  nil))
                                                                                nil))
                                                                              nil)
                                                                             ("2"
                                                                              (assert)
                                                                              nil
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2" (assert) nil nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (replace -1)
                                          (("2"
                                            (hide-all-but (-5 -6 1))
                                            (("2"
                                              (name-replace
                                               "CF0"
                                               "(append(CA(a!2),
                   append(CA(a!1),
                          cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null[Instruction]))),
            e!1, s!1)")
                                              (("2"
                                                (lemma
                                                 "tr_eq"
                                                 ("k"
                                                  "n!1"
                                                  "cf0"
                                                  "CF0"
                                                  "cf1"
                                                  "(null[Instruction], cons(b2n(A(a!1)(s!1) <= A(a!2)(s!1)), e!1), s!1)"
                                                  "cf2"
                                                  "ac!1"))
                                                (("2"
                                                  (assert)
                                                  (("2"
                                                    (replace -1 1 rl)
                                                    (("2"
                                                      (assert)
                                                      (("2"
                                                        (expand
                                                         "length"
                                                         1
                                                         1)
                                                        (("2"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("b!1"))
      (("5" (skosimp*)
        (("5" (expand "CB" (-2 -4))
          (("5" (expand "B" -2)
            (("5"
              (lemma "correct_BExp" ("b" "b!1" "e" "e!1" "s" "s!1"))
              (("5" (skosimp)
                (("5"
                  (lemma "code_split"
                   ("k" "n!1" "c1" "CB(b!1)" "c2"
                    "cons(UNARY(LAMBDA (i:int): 1 - i), null[Instruction])"
                    "e" "e!1" "s" "s!1" "e2"
                    "cons(b2n(NOT (B(b!1)(s!1))), e!1)" "s2" "s!1"))
                  (("5" (assert)
                    (("5" (skosimp)
                      (("5"
                        (lemma "eq_BExp"
                         ("n" "n!2" "b" "b!1" "e" "e!1" "s" "s!1" "ac"
                          "(null[Instruction], e1!1, s1!1)" "m"
                          "k1!1"))
                        (("5" (assert)
                          (("5" (flatten)
                            (("5" (replace -1)
                              (("5"
                                (replace -2)
                                (("5"
                                  (replace -3)
                                  (("5"
                                    (hide -1 -2 -3 -7)
                                    (("5"
                                      (case-replace "k2!1=1")
                                      (("1"
                                        (hide -1)
                                        (("1"
                                          (expand "<=" -6)
                                          (("1"
                                            (split -6)
                                            (("1"
                                              (lemma
                                               "tr_add"
                                               ("k1"
                                                "pn!1"
                                                "k2"
                                                "k1!1-pn!1"
                                                "cf0"
                                                "(CB(b!1), e!1, s!1)"
                                                "cf2"
                                                "(null[Instruction], cons(b2n(B(b!1)(s!1)), e!1), s!1)"))
                                              (("1"
                                                (assert)
                                                (("1"
                                                  (skosimp)
                                                  (("1"
                                                    (lemma
                                                     "code_partial"
                                                     ("k"
                                                      "pn!1"
                                                      "c0"
                                                      "CB(b!1)"
                                                      "e0"
                                                      "e!1"
                                                      "s0"
                                                      "s!1"
                                                      "c1"
                                                      "cf1!1`1"
                                                      "e1"
                                                      "cf1!1`2"
                                                      "s1"
                                                      "cf1!1`3"
                                                      "c2"
                                                      "cons(UNARY(LAMBDA (i: int): 1 - i), null[Instruction])"
                                                      "e2"
                                                      "null[int]"))
                                                    (("1"
                                                      (case-replace
                                                       "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                      (("1"
                                                        (assert)
                                                        (("1"
                                                          (rewrite
                                                           "append_null")
                                                          (("1"
                                                            (rewrite
                                                             "append_null")
                                                            (("1"
                                                              (lemma
                                                               "tr_eq"
                                                               ("k"
                                                                "pn!1"
                                                                "cf0"
                                                                "(append(CB(b!1),
                 cons(UNARY(LAMBDA (i: int): 1 - i), null[Instruction])),
          e!1, s!1)"
                                                                "cf1"
                                                                "(append(cf1!1`1,
                 cons(UNARY(LAMBDA (i: int): 1 - i), null[Instruction])),
          cf1!1`2, cf1!1`3)"
                                                                "cf2"
                                                                "ac!1"))
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (replace
                                                                   -1
                                                                   1
                                                                   rl)
                                                                  (("1"
                                                                    (assert)
                                                                    (("1"
                                                                      (hide
                                                                       -3
                                                                       -11
                                                                       -12
                                                                       -1)
                                                                      (("1"
                                                                        (inst
                                                                         -
                                                                         "cf1!1"
                                                                         "e!1"
                                                                         "k1!1"
                                                                         "pn!1"
                                                                         "s!1")
                                                                        (("1"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil)
                                                       ("2"
                                                        (decompose-equality)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2" (assert) nil nil))
                                              nil)
                                             ("2"
                                              (replace -1)
                                              (("2"
                                                (name-replace
                                                 "CF0"
                                                 "(append(CB(b!1), cons(UNARY(LAMBDA (i:int): 1 - i), null[Instruction])), e!1, s!1)")
                                                (("2"
                                                  (hide-all-but
                                                   (-6 -7 1))
                                                  (("2"
                                                    (lemma
                                                     "tr_eq"
                                                     ("k"
                                                      "n!1"
                                                      "cf0"
                                                      "CF0"
                                                      "cf1"
                                                      "(null[Instruction], cons(b2n(NOT (B(b!1)(s!1))), e!1), s!1)"
                                                      "cf2"
                                                      "ac!1"))
                                                    (("2"
                                                      (assert)
                                                      (("2"
                                                        (replace
                                                         -1
                                                         1
                                                         rl)
                                                        (("2"
                                                          (assert)
                                                          (("2"
                                                            (expand
                                                             "length"
                                                             1
                                                             1)
                                                            (("2"
                                                              (assert)
                                                              nil
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil)
                                       ("2"
                                        (hide-all-but (1 -2))
                                        (("2"
                                          (expand "tr")
                                          (("2"
                                            (expand "step")
                                            (("2"
                                              (expand "check1")
                                              (("2"
                                                (expand "push")
                                                (("2"
                                                  (expand "pop")
                                                  (("2"
                                                    (expand "top")
                                                    (("2"
                                                      (prop)
                                                      (("2"
                                                        (expand "tr")
                                                        (("2"
                                                          (prop)
                                                          (("2"
                                                            (expand
                                                             "b2n")
                                                            (("2"
                                                              (case-replace
                                                               "B(b!1)(s!1)")
                                                              (("1"
                                                                (assert)
                                                                nil
                                                                nil)
                                                               ("2"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("6" (skolem + ("b!1" "b!2"))
      (("6" (skosimp*)
        (("6" (expand "CB" (-3 -5))
          (("6" (expand "B" -3)
            (("6" (inst - "_" "_" "_" "_" "s!1")
              (("6" (inst - "_" "_" "_" "_" "s!1")
                (("6" (expand "<=" -4)
                  (("6" (split -4)
                    (("1"
                      (lemma "code_split"
                       ("k" "n!1" "c1" "CB(b!2)" "c2" "append(CB(b!1),
                          cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction]))"
                        "e" "e!1" "s" "s!1" "e2"
                        "cons(b2n(B(b!1)(s!1) AND B(b!2)(s!1)), e!1)"
                        "s2" "s!1"))
                      (("1" (assert)
                        (("1" (replace -5 -1)
                          (("1" (skosimp)
                            (("1"
                              (lemma "correct_BExp"
                               ("b" "b!2" "e" "e!1" "s" "s!1"))
                              (("1"
                                (skosimp)
                                (("1"
                                  (lemma
                                   "eq_BExp"
                                   ("b"
                                    "b!2"
                                    "e"
                                    "e!1"
                                    "s"
                                    "s!1"
                                    "ac"
                                    "(null[Instruction], e1!1, s1!1)"
                                    "m"
                                    "k1!1"
                                    "n"
                                    "n!2"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (flatten)
                                      (("1"
                                        (replace -1)
                                        (("1"
                                          (replace -2)
                                          (("1"
                                            (replace -3)
                                            (("1"
                                              (hide -1 -2 -3 -4)
                                              (("1"
                                                (case "pn!1<=k1!1")
                                                (("1"
                                                  (hide -5)
                                                  (("1"
                                                    (lemma
                                                     "tr_add"
                                                     ("k1"
                                                      "pn!1"
                                                      "k2"
                                                      "k1!1-pn!1"
                                                      "cf0"
                                                      "(CB(b!2), e!1, s!1)"
                                                      "cf2"
                                                      "(null[Instruction], cons(b2n(B(b!2)(s!1)), e!1), s!1)"))
                                                    (("1"
                                                      (assert)
                                                      (("1"
                                                        (skosimp)
                                                        (("1"
                                                          (hide
                                                           -5
                                                           -7
                                                           -9)
                                                          (("1"
                                                            (lemma
                                                             "code_partial"
                                                             ("k"
                                                              "pn!1"
                                                              "c0"
                                                              "CB(b!2)"
                                                              "e0"
                                                              "e!1"
                                                              "s0"
                                                              "s!1"
                                                              "c1"
                                                              "cf1!1`1"
                                                              "e1"
                                                              "cf1!1`2"
                                                              "s1"
                                                              "cf1!1`3"
                                                              "c2"
                                                              "append(CB(b!1),
                          cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction]))"
                                                              "e2"
                                                              "null[int]"))
                                                            (("1"
                                                              (case-replace
                                                               "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (rewrite
                                                                   "append_null")
                                                                  (("1"
                                                                    (rewrite
                                                                     "append_null")
                                                                    (("1"
                                                                      (name-replace
                                                                       "CF0"
                                                                       "(append(CB(b!2),
                 append(CB(b!1),
                        cons(BINARY(LAMBDA (i, j: int): i * j),
                             null[Instruction]))),
          e!1, s!1)")
                                                                      (("1"
                                                                        (lemma
                                                                         "tr_eq"
                                                                         ("k"
                                                                          "pn!1"
                                                                          "cf0"
                                                                          "CF0"
                                                                          "cf1"
                                                                          "(append(cf1!1`1,
                 append(CB(b!1),
                        cons(BINARY(LAMBDA (i_1, j_1: int): i_1 * j_1),
                             null[Instruction]))),
          cf1!1`2, cf1!1`3)"
                                                                          "cf2"
                                                                          "ac!1"))
                                                                        (("1"
                                                                          (assert)
                                                                          (("1"
                                                                            (replace
                                                                             -1
                                                                             1
                                                                             rl)
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (inst
                                                                                 -
                                                                                 "cf1!1"
                                                                                 "e!1"
                                                                                 "k1!1"
                                                                                 "pn!1")
                                                                                (("1"
                                                                                  (assert)
                                                                                  nil
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil)
                                                               ("2"
                                                                (decompose-equality)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (case
                                                   "k1!1+1 <= pn!1")
                                                  (("1"
                                                    (hide 1)
                                                    (("1"
                                                      (hide -7 -8)
                                                      (("1"
                                                        (lemma
                                                         "code_split"
                                                         ("k"
                                                          "k2!1"
                                                          "c1"
                                                          "CB(b!1)"
                                                          "c2"
                                                          "cons(BINARY(LAMBDA (i_1, j_1: int): i_1 * j_1),
                      null[Instruction])"
                                                          "e"
                                                          "cons(b2n(B(b!2)(s!1)),e!1)"
                                                          "s"
                                                          "s!1"
                                                          "e2"
                                                          "cons(b2n(B(b!1)(s!1) AND B(b!2)(s!1)), e!1)"
                                                          "s2"
                                                          "s!1"))
                                                        (("1"
                                                          (replace -4)
                                                          (("1"
                                                            (skosimp)
                                                            (("1"
                                                              (case-replace
                                                               "k2!2=1")
                                                              (("1"
                                                                (hide
                                                                 -1)
                                                                (("1"
                                                                  (lemma
                                                                   "correct_BExp"
                                                                   ("b"
                                                                    "b!1"
                                                                    "e"
                                                                    "cons(b2n(B(b!2)(s!1)), e!1)"
                                                                    "s"
                                                                    "s!1"))
                                                                  (("1"
                                                                    (skosimp)
                                                                    (("1"
                                                                      (lemma
                                                                       "eq_BExp"
                                                                       ("n"
                                                                        "n!3"
                                                                        "b"
                                                                        "b!1"
                                                                        "e"
                                                                        "cons(b2n(B(b!2)(s!1)), e!1)"
                                                                        "s"
                                                                        "s!1"
                                                                        "ac"
                                                                        "(null[Instruction], e1!2, s1!2)"
                                                                        "m"
                                                                        "k1!2"))
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (flatten)
                                                                          (("1"
                                                                            (replace
                                                                             -1)
                                                                            (("1"
                                                                              (replace
                                                                               -2)
                                                                              (("1"
                                                                                (replace
                                                                                 -3)
                                                                                (("1"
                                                                                  (hide
                                                                                   -1
                                                                                   -2
                                                                                   -3
                                                                                   -4)
                                                                                  (("1"
                                                                                    (lemma
                                                                                     "tr_add"
                                                                                     ("k1"
                                                                                      "pn!1-k1!1"
                                                                                      "k2"
                                                                                      "k1!2+k1!1-pn!1"
                                                                                      "cf0"
                                                                                      "(CB(b!1), cons(b2n(B(b!2)(s!1)), e!1), s!1)"
                                                                                      "cf2"
                                                                                      "(null[Instruction], cons(b2n(B(b!1)(s!1)), cons(b2n(B(b!2)(s!1)), e!1)), s!1)"))
                                                                                    (("1"
                                                                                      (assert)
                                                                                      (("1"
                                                                                        (skosimp)
                                                                                        (("1"
                                                                                          (inst
                                                                                           -
                                                                                           "cf1!1"
                                                                                           "cons(b2n(B(b!2)(s!1)), e!1)"
                                                                                           "k1!2"
                                                                                           "pn!1-k1!1")
                                                                                          (("1"
                                                                                            (assert)
                                                                                            (("1"
                                                                                              (expand
                                                                                               "length"
                                                                                               -11
                                                                                               2)
                                                                                              (("1"
                                                                                                (hide
                                                                                                 -3
                                                                                                 -4
                                                                                                 -8)
                                                                                                (("1"
                                                                                                  (lemma
                                                                                                   "code_partial"
                                                                                                   ("k"
                                                                                                    "pn!1-k1!1"
                                                                                                    "c0"
                                                                                                    "CB(b!1)"
                                                                                                    "e0"
                                                                                                    "cons(b2n(B(b!2)(s!1)), e!1)"
                                                                                                    "s0"
                                                                                                    "s!1"
                                                                                                    "c1"
                                                                                                    "cf1!1`1"
                                                                                                    "e1"
                                                                                                    "cf1!1`2"
                                                                                                    "s1"
                                                                                                    "cf1!1`3"
                                                                                                    "c2"
                                                                                                    "cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction])"
                                                                                                    "e2"
                                                                                                    "null[int]"))
                                                                                                  (("1"
                                                                                                    (case-replace
                                                                                                     "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                                    (("1"
                                                                                                      (assert)
                                                                                                      (("1"
                                                                                                        (rewrite
                                                                                                         "append_null")
                                                                                                        (("1"
                                                                                                          (rewrite
                                                                                                           "append_null")
                                                                                                          (("1"
                                                                                                            (name-replace
                                                                                                             "CODE1"
                                                                                                             "append(CB(b!1),
                 cons(BINARY(LAMBDA (i, j: int): i * j),
                      null[Instruction]))")
                                                                                                            (("1"
                                                                                                              (hide
                                                                                                               -3
                                                                                                               -4)
                                                                                                              (("1"
                                                                                                                (hide
                                                                                                                 -1)
                                                                                                                (("1"
                                                                                                                  (lemma
                                                                                                                   "code_partial"
                                                                                                                   ("k"
                                                                                                                    "k1!1"
                                                                                                                    "c0"
                                                                                                                    "CB(b!2)"
                                                                                                                    "e0"
                                                                                                                    "e!1"
                                                                                                                    "s0"
                                                                                                                    "s!1"
                                                                                                                    "c1"
                                                                                                                    "null[Instruction]"
                                                                                                                    "e1"
                                                                                                                    "cons(b2n(B(b!2)(s!1)), e!1)"
                                                                                                                    "s1"
                                                                                                                    "s!1"
                                                                                                                    "c2"
                                                                                                                    "CODE1"
                                                                                                                    "e2"
                                                                                                                    "null[int]"))
                                                                                                                  (("1"
                                                                                                                    (rewrite
                                                                                                                     "append_null")
                                                                                                                    (("1"
                                                                                                                      (rewrite
                                                                                                                       "append_null")
                                                                                                                      (("1"
                                                                                                                        (expand
                                                                                                                         "append"
                                                                                                                         -1
                                                                                                                         2)
                                                                                                                        (("1"
                                                                                                                          (name-replace
                                                                                                                           "CF1"
                                                                                                                           "(CODE1, cons(b2n(B(b!2)(s!1)), e!1), s!1)")
                                                                                                                          (("1"
                                                                                                                            (name-replace
                                                                                                                             "CF0"
                                                                                                                             "(append(CB(b!2), CODE1), e!1, s!1)")
                                                                                                                            (("1"
                                                                                                                              (lemma
                                                                                                                               "tr_add"
                                                                                                                               ("k1"
                                                                                                                                "k1!1"
                                                                                                                                "k2"
                                                                                                                                "pn!1-k1!1"
                                                                                                                                "cf0"
                                                                                                                                "CF0"
                                                                                                                                "cf2"
                                                                                                                                "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): i_1 * j_1),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"))
                                                                                                                              (("1"
                                                                                                                                (flatten
                                                                                                                                 -1)
                                                                                                                                (("1"
                                                                                                                                  (hide
                                                                                                                                   -1)
                                                                                                                                  (("1"
                                                                                                                                    (split
                                                                                                                                     -1)
                                                                                                                                    (("1"
                                                                                                                                      (assert)
                                                                                                                                      (("1"
                                                                                                                                        (lemma
                                                                                                                                         "tr_eq"
                                                                                                                                         ("k"
                                                                                                                                          "pn!1"
                                                                                                                                          "cf0"
                                                                                                                                          "CF0"
                                                                                                                                          "cf1"
                                                                                                                                          "(append(cf1!1`1,
                 cons(BINARY(LAMBDA (i_1, j_1: int): i_1 * j_1),
                      null[Instruction])),
          cf1!1`2, cf1!1`3)"
                                                                                                                                          "cf2"
                                                                                                                                          "ac!1"))
                                                                                                                                        (("1"
                                                                                                                                          (assert)
                                                                                                                                          nil
                                                                                                                                          nil))
                                                                                                                                        nil))
                                                                                                                                      nil)
                                                                                                                                     ("2"
                                                                                                                                      (inst
                                                                                                                                       +
                                                                                                                                       "CF1")
                                                                                                                                      (("2"
                                                                                                                                        (assert)
                                                                                                                                        nil
                                                                                                                                        nil))
                                                                                                                                      nil))
                                                                                                                                    nil))
                                                                                                                                  nil))
                                                                                                                                nil))
                                                                                                                              nil))
                                                                                                                            nil))
                                                                                                                          nil))
                                                                                                                        nil))
                                                                                                                      nil))
                                                                                                                    nil))
                                                                                                                  nil))
                                                                                                                nil))
                                                                                                              nil))
                                                                                                            nil))
                                                                                                          nil))
                                                                                                        nil))
                                                                                                      nil)
                                                                                                     ("2"
                                                                                                      (decompose-equality)
                                                                                                      nil
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil)
                                                               ("2"
                                                                (hide-all-but
                                                                 (-2
                                                                  1))
                                                                (("2"
                                                                  (expand
                                                                   "tr")
                                                                  (("2"
                                                                    (expand
                                                                     "step")
                                                                    (("2"
                                                                      (expand
                                                                       "check2")
                                                                      (("2"
                                                                        (expand
                                                                         "push")
                                                                        (("2"
                                                                          (expand
                                                                           "pop")
                                                                          (("2"
                                                                            (expand
                                                                             "top")
                                                                            (("2"
                                                                              (case-replace
                                                                               "null?(e1!2)")
                                                                              (("1"
                                                                                (grind)
                                                                                nil
                                                                                nil)
                                                                               ("2"
                                                                                (case-replace
                                                                                 "null?(cdr(e1!2))")
                                                                                (("1"
                                                                                  (grind)
                                                                                  nil
                                                                                  nil)
                                                                                 ("2"
                                                                                  (assert)
                                                                                  (("2"
                                                                                    (expand
                                                                                     "tr")
                                                                                    (("2"
                                                                                      (propax)
                                                                                      nil
                                                                                      nil))
                                                                                    nil))
                                                                                  nil)
                                                                                 ("3"
                                                                                  (assert)
                                                                                  nil
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil)
                                                   ("2"
                                                    (assert)
                                                    nil
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (replace -1)
                      (("2" (hide -1 -2 -3)
                        (("2"
                          (name-replace "CF0" "(append(CB(b!2),
                   append(CB(b!1),
                          cons(BINARY(LAMBDA (i, j:int): i * j), null[Instruction]))),
            e!1, s!1)")
                          (("2"
                            (lemma "tr_eq"
                             ("k" "n!1" "cf0" "CF0" "cf1"
                              "(null[Instruction], cons(b2n(B(b!1)(s!1) AND B(b!2)(s!1)), e!1), s!1)"
                              "cf2" "ac!1"))
                            (("2" (assert)
                              (("2"
                                (replace -2 -1)
                                (("2"
                                  (replace -1 1 rl)
                                  (("2"
                                    (assert)
                                    (("2"
                                      (expand "length" 1 1)
                                      (("2" (assert) nil nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (correct_BExp formula-decl nil bisimulation nil)
    (UNARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (UNARY adt-constructor-decl "[[int -> int] -> (UNARY?)]"
     Instruction nil)
    (NOT const-decl "[bool -> bool]" booleans nil)
    (check1 const-decl "bool" am nil)
    (eq_BExp formula-decl nil bisimulation nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (AExp type-decl nil AExp nil)
    (A def-decl "[State -> int]" AExp nil)
    (code_split formula-decl nil am nil)
    (CA def-decl "Code" compiler nil)
    (append def-decl "list[T]" list_props nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (check2 const-decl "bool" am nil) (pop const-decl "Stack" am nil)
    (cdr adt-accessor-decl "[(cons?) -> list]" list_adt nil)
    (top const-decl "int" am nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (tr_add formula-decl nil am nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (append_null formula-decl nil list_props nil)
    (AExp_e formula-decl nil bisimulation nil)
    (tr_eq formula-decl nil am nil)
    (code_partial formula-decl nil am nil)
    (int_plus_int_is_int application-judgement "int" integers nil)
    (real_lt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (minus_odd_is_odd application-judgement "odd_int" integers nil)
    (real_gt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (posint nonempty-type-eq-decl nil integers nil)
    (even_minus_odd_is_odd application-judgement "odd_int" integers
     nil)
    (eq_AExp formula-decl nil bisimulation nil)
    (push const-decl "Stack" am nil) (step const-decl "Config" am nil)
    (real_le_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (odd_minus_odd_is_even application-judgement "even_int" integers
     nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (BExp_induction formula-decl nil BExp nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (length def-decl "nat" list_props nil)
    (<= const-decl "bool" reals nil)
    (B def-decl "[State -> bool]" BExp nil)
    (b2n const-decl "nbit" bit nil) (nbit type-eq-decl nil bit nil)
    (< const-decl "bool" reals nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CB def-decl "Code" compiler nil) (tr def-decl "bool" am nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (posnat nonempty-type-eq-decl nil integers nil)
    (> const-decl "bool" reals nil)
    (nonneg_int nonempty-type-eq-decl nil integers nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (Config nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (int nonempty-type-eq-decl nil integers nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (boolean nonempty-type-decl nil booleans nil)
    (BExp type-decl nil BExp nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil))
   shostak))
 (tilde_TCC1 0
  (tilde_TCC1-1 nil 3399040375 ("" (subtype-tcc) nil nil)
   ((V formal-nonempty-type-decl nil bisimulation nil)
    (terminal? const-decl "bool" sos nil))
   nil))
 (tilde_TCC2 0
  (tilde_TCC2-1 nil 3399040375 ("" (subtype-tcc) nil nil)
   ((V formal-nonempty-type-decl nil bisimulation nil)
    (terminal? const-decl "bool" sos nil))
   nil))
 (sos_step 0
  (sos_step-1 nil 3399040388
   ("" (induct "S")
    (("1" (skolem + ("x!1" "a!1"))
      (("1" (skosimp)
        (("1" (expand "step" 1)
          (("1" (expand "assign")
            (("1" (expand "assign")
              (("1"
                (lemma "correct_AExp"
                 ("a" "a!1" "s" "s!1" "e" "null[int]"))
                (("1" (skosimp)
                  (("1"
                    (inst + "n!1+1"
                     "(null[Instruction],null[int],LAMBDA (y:V): IF y = x!1 THEN A(a!1)(s!1) ELSE s!1(y) ENDIF)")
                    (("1" (expand "~")
                      (("1" (expand "terminal?")
                        (("1" (flatten)
                          (("1" (expand "CS")
                            (("1"
                              (lemma "code_partial"
                               ("k"
                                "n!1"
                                "c0"
                                "CA(a!1)"
                                "e0"
                                "null[int]"
                                "s0"
                                "s!1"
                                "c1"
                                "null[Instruction]"
                                "e1"
                                "cons(A(a!1)(s!1), null[int])"
                                "s1"
                                "s!1"
                                "c2"
                                "cons(STORE(x!1), null)"
                                "e2"
                                "null[int]"))
                              (("1"
                                (assert)
                                (("1"
                                  (rewrite "append_null")
                                  (("1"
                                    (rewrite "append_null")
                                    (("1"
                                      (expand "append" -1 2)
                                      (("1"
                                        (hide -2)
                                        (("1"
                                          (lemma
                                           "tr_add"
                                           ("k1"
                                            "n!1"
                                            "k2"
                                            "1"
                                            "cf0"
                                            "ac0!1"
                                            "cf2"
                                            "(null[Instruction], null[int],
            LAMBDA (y:V):
              IF y = x!1 THEN A(a!1)(s!1) ELSE s!1(y) ENDIF)"))
                                          (("1"
                                            (replace -1)
                                            (("1"
                                              (hide -1)
                                              (("1"
                                                (inst
                                                 +
                                                 "(cons(STORE(x!1), null), cons(A(a!1)(s!1), null[int]), s!1)")
                                                (("1"
                                                  (assert)
                                                  (("1"
                                                    (case-replace
                                                     "(append(CA(a!1), cons(STORE(x!1), null)), null[int], s!1)=ac0!1")
                                                    (("1"
                                                      (replace -2)
                                                      (("1"
                                                        (hide
                                                         -1
                                                         -2
                                                         -3
                                                         -4
                                                         -5)
                                                        (("1"
                                                          (expand "tr")
                                                          (("1"
                                                            (expand
                                                             "tr")
                                                            (("1"
                                                              (expand
                                                               "step")
                                                              (("1"
                                                                (expand
                                                                 "check1")
                                                                (("1"
                                                                  (expand
                                                                   "top")
                                                                  (("1"
                                                                    (expand
                                                                     "pop")
                                                                    (("1"
                                                                      (expand
                                                                       "assign")
                                                                      (("1"
                                                                        (propax)
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (hide 2 -1)
                                                      (("2"
                                                        (decompose-equality)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (skosimp)
      (("2" (inst + "1" "(null[Instruction],null[int],s!1)")
        (("2" (expand "~")
          (("2" (expand "terminal?")
            (("2" (assert)
              (("2" (flatten)
                (("2" (expand "step")
                  (("2" (assert) (("2" (grind) nil nil)) nil)) nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("3" (skolem + ("S!1" "S!2"))
      (("3" (skosimp*)
        (("3" (hide -2)
          (("3" (expand "~")
            (("3" (expand "terminal?")
              (("3" (flatten)
                (("3" (assert)
                  (("3" (inst - "(CS(S!1),null[int],s!1)" "s!1")
                    (("3" (skosimp)
                      (("3" (expand "step" 1)
                        (("3" (assert)
                          (("3" (case-replace "T?(sos.step(S!1, s!1))")
                            (("1" (assert)
                              (("1"
                                (flatten)
                                (("1"
                                  (lemma
                                   "code_partial"
                                   ("k"
                                    "pn!1"
                                    "c0"
                                    "CS(S!1)"
                                    "e0"
                                    "null[int]"
                                    "e1"
                                    "null[int]"
                                    "e2"
                                    "null[int]"
                                    "c1"
                                    "null[Instruction]"
                                    "c2"
                                    "CS(S!2)"
                                    "s0"
                                    "s!1"
                                    "s1"
                                    "ac1!1`3"))
                                  (("1"
                                    (case-replace
                                     "(null[Instruction], null[int], ac1!1`3)=ac1!1")
                                    (("1"
                                      (assert)
                                      (("1"
                                        (expand "append" -2 2)
                                        (("1"
                                          (expand "append" -2 2)
                                          (("1"
                                            (expand "append" -2 2)
                                            (("1"
                                              (expand "CS" -8)
                                              (("1"
                                                (replace -8 * rl)
                                                (("1"
                                                  (inst
                                                   +
                                                   "pn!1"
                                                   "(CS(S!2), null[int], ac1!1`3)")
                                                  (("1"
                                                    (assert)
                                                    (("1"
                                                      (case-replace
                                                       "(ac0!1`1, null[int], s!1)=ac0!1")
                                                      (("1"
                                                        (decompose-equality)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil)
                                     ("2"
                                      (decompose-equality)
                                      nil
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil)
                             ("2" (assert)
                              (("2"
                                (flatten)
                                (("2"
                                  (assert)
                                  (("2"
                                    (expand "CS" -5)
                                    (("2"
                                      (expand "CS" 2)
                                      (("2"
                                        (lemma
                                         "code_partial"
                                         ("k"
                                          "pn!1"
                                          "c0"
                                          "CS(S!1)"
                                          "c1"
                                          "ac1!1`1"
                                          "c2"
                                          "CS(S!2)"
                                          "e0"
                                          "null[int]"
                                          "e1"
                                          "null[int]"
                                          "e2"
                                          "null[int]"
                                          "s0"
                                          "s!1"
                                          "s1"
                                          "ac1!1`3"))
                                        (("2"
                                          (case-replace
                                           "(ac1!1`1, null[int], ac1!1`3)=ac1!1")
                                          (("1"
                                            (assert)
                                            (("1"
                                              (expand "append" -2 2)
                                              (("1"
                                                (expand "append" -2 3)
                                                (("1"
                                                  (replace -3 * rl)
                                                  (("1"
                                                    (inst
                                                     +
                                                     "pn!1"
                                                     "(append(ac1!1`1, CS(S!2)), null[int], ac1!1`3)")
                                                    (("1"
                                                      (case-replace
                                                       "(append(CS(S!1), CS(S!2)), null[int], s!1)=ac0!1")
                                                      (("1"
                                                        (assert)
                                                        nil
                                                        nil)
                                                       ("2"
                                                        (decompose-equality)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil)
                                           ("2"
                                            (decompose-equality)
                                            nil
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("b!1" "S!1" "S!2"))
      (("4" (skosimp)
        (("4" (skosimp)
          (("4"
            (lemma "correct_BExp"
             ("b" "b!1" "e" "null[int]" "s" "s!1"))
            (("4" (skosimp)
              (("4" (hide -2 -3)
                (("4" (case "B(b!1)(s!1)")
                  (("1" (inst + "n!1+1" "(CS(S!1),null[int],s!1)")
                    (("1" (expand "step" 1)
                      (("1" (assert)
                        (("1" (expand "~")
                          (("1" (expand "terminal?")
                            (("1" (flatten)
                              (("1"
                                (expand "CS" -3)
                                (("1"
                                  (lemma
                                   "code_partial"
                                   ("k"
                                    "n!1"
                                    "c0"
                                    "CB(b!1)"
                                    "e0"
                                    "null[int]"
                                    "s0"
                                    "s!1"
                                    "c1"
                                    "null[Instruction]"
                                    "e1"
                                    "cons(b2n(TRUE), null[int])"
                                    "s1"
                                    "s!1"
                                    "c2"
                                    "cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])"
                                    "e2"
                                    "null[int]"))
                                  (("1"
                                    (assert)
                                    (("1"
                                      (rewrite "append_null")
                                      (("1"
                                        (rewrite "append_null")
                                        (("1"
                                          (replace -4 * rl)
                                          (("1"
                                            (expand "append" -1 1)
                                            (("1"
                                              (hide -3)
                                              (("1"
                                                (lemma
                                                 "am.tr_add"
                                                 ("k1"
                                                  "n!1"
                                                  "k2"
                                                  "1"
                                                  "cf0"
                                                  "ac0!1"
                                                  "cf2"
                                                  "(CS(S!1), null[int], s!1)"))
                                                (("1"
                                                  (replace -1)
                                                  (("1"
                                                    (hide -1)
                                                    (("1"
                                                      (case-replace
                                                       "(ac0!1`1, null[int], s!1)=ac0!1")
                                                      (("1"
                                                        (inst
                                                         +
                                                         "(cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction]),
          cons(b2n(TRUE), null[int]), s!1)")
                                                        (("1"
                                                          (assert)
                                                          (("1"
                                                            (hide-all-but
                                                             (-3 1))
                                                            (("1"
                                                              (expand
                                                               "tr")
                                                              (("1"
                                                                (expand
                                                                 "tr")
                                                                (("1"
                                                                  (expand
                                                                   "step")
                                                                  (("1"
                                                                    (expand
                                                                     "check1")
                                                                    (("1"
                                                                      (expand
                                                                       "b2n")
                                                                      (("1"
                                                                        (expand
                                                                         "top")
                                                                        (("1"
                                                                          (expand
                                                                           "pop")
                                                                          (("1"
                                                                            (rewrite
                                                                             "append_null")
                                                                            nil
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil)
                                                       ("2"
                                                        (hide-all-but
                                                         1)
                                                        (("2"
                                                          (decompose-equality)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil)
                   ("2" (inst + "n!1+1" "(CS(S!2),null[int],s!1)")
                    (("2" (expand "step" 2)
                      (("2" (assert)
                        (("2" (expand "~")
                          (("2" (expand "terminal?")
                            (("2" (flatten)
                              (("2"
                                (expand "CS" -2)
                                (("2"
                                  (lemma
                                   "code_partial"
                                   ("k"
                                    "n!1"
                                    "c0"
                                    "CB(b!1)"
                                    "e0"
                                    "null[int]"
                                    "s0"
                                    "s!1"
                                    "c1"
                                    "null[Instruction]"
                                    "e1"
                                    "cons(b2n(FALSE), null[int])"
                                    "s1"
                                    "s!1"
                                    "c2"
                                    "cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])"
                                    "e2"
                                    "null[int]"))
                                  (("2"
                                    (assert)
                                    (("2"
                                      (rewrite "append_null")
                                      (("2"
                                        (rewrite "append_null")
                                        (("2"
                                          (expand "append" -1 2)
                                          (("2"
                                            (replace -3 -1 rl)
                                            (("2"
                                              (case-replace
                                               "(ac0!1`1, null[int], s!1)=ac0!1")
                                              (("1"
                                                (hide -1 -4 -5 -6)
                                                (("1"
                                                  (hide -2)
                                                  (("1"
                                                    (lemma
                                                     "am.tr_add"
                                                     ("k1"
                                                      "n!1"
                                                      "k2"
                                                      "1"
                                                      "cf0"
                                                      "ac0!1"
                                                      "cf2"
                                                      "(CS(S!2), null[int], s!1)"))
                                                    (("1"
                                                      (replace -1)
                                                      (("1"
                                                        (hide -1)
                                                        (("1"
                                                          (inst
                                                           +
                                                           "(cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction]),
          cons(b2n(FALSE), null[int]), s!1)")
                                                          (("1"
                                                            (assert)
                                                            (("1"
                                                              (hide -1)
                                                              (("1"
                                                                (expand
                                                                 "tr")
                                                                (("1"
                                                                  (expand
                                                                   "tr")
                                                                  (("1"
                                                                    (expand
                                                                     "step")
                                                                    (("1"
                                                                      (expand
                                                                       "check1")
                                                                      (("1"
                                                                        (expand
                                                                         "b2n")
                                                                        (("1"
                                                                          (expand
                                                                           "top")
                                                                          (("1"
                                                                            (expand
                                                                             "pop")
                                                                            (("1"
                                                                              (rewrite
                                                                               "append_null")
                                                                              nil
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2"
                                                (hide-all-but 1)
                                                (("2"
                                                  (decompose-equality)
                                                  nil
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("b!1" "S!1"))
      (("5" (skosimp)
        (("5" (skosimp)
          (("5" (hide -1)
            (("5" (expand "~")
              (("5" (expand "terminal?")
                (("5" (flatten)
                  (("5" (expand "step")
                    (("5"
                      (inst + "1"
                       "(CS(Conditional(b!1, Sequence(S!1, While(b!1, S!1)), Skip)),null[int],s!1)")
                      (("5" (expand "tr")
                        (("5" (copy -1)
                          (("5" (expand "CS" -1)
                            (("5" (replace -1)
                              (("5"
                                (assert)
                                (("5"
                                  (expand "step")
                                  (("5"
                                    (replace -1)
                                    (("5"
                                      (assert)
                                      (("5"
                                        (expand "tr")
                                        (("5"
                                          (split)
                                          (("1"
                                            (decompose-equality)
                                            (("1"
                                              (case
                                               "forall b: length(CB(b))>=1")
                                              (("1"
                                                (inst - "b!1")
                                                (("1"
                                                  (lemma
                                                   "length_append"
                                                   ("l1"
                                                    "CB(b!1)"
                                                    "l2"
                                                    "cons(BRANCH(append(CS(S!1),
                                 cons(LOOP(CB(b!1), CS(S!1)), null[Instruction])),
                          cons(NOOP, null[Instruction])),
                   null[Instruction])"))
                                                  (("1"
                                                    (replace -3 * rl)
                                                    (("1"
                                                      (replace -4 -1)
                                                      (("1"
                                                        (expand
                                                         "length"
                                                         -1
                                                         1)
                                                        (("1"
                                                          (expand
                                                           "length"
                                                           -1
                                                           1)
                                                          (("1"
                                                            (expand
                                                             "length"
                                                             -1
                                                             2)
                                                            (("1"
                                                              (expand
                                                               "length"
                                                               -1
                                                               2)
                                                              (("1"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2"
                                                (hide-all-but 1)
                                                (("2"
                                                  (induct "b")
                                                  (("1"
                                                    (grind)
                                                    nil
                                                    nil)
                                                   ("2"
                                                    (grind)
                                                    nil
                                                    nil)
                                                   ("3"
                                                    (skosimp*)
                                                    (("3"
                                                      (expand "CB")
                                                      (("3"
                                                        (rewrite
                                                         "append_assoc"
                                                         *
                                                         :dir
                                                         rl)
                                                        (("3"
                                                          (lemma
                                                           "length_append"
                                                           ("l1"
                                                            "append(CA(Eq2_var!1), CA(Eq1_var!1))"
                                                            "l2"
                                                            "cons(BINARY(LAMBDA (i, j:int): b2n(i = j)), null[Instruction])"))
                                                          (("3"
                                                            (expand
                                                             "length"
                                                             -1
                                                             3)
                                                            (("3"
                                                              (expand
                                                               "length"
                                                               -1
                                                               3)
                                                              (("3"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil)
                                                   ("4"
                                                    (skosimp)
                                                    (("4"
                                                      (expand "CB")
                                                      (("4"
                                                        (lemma
                                                         "length_append"
                                                         ("l1"
                                                          "append(CA(Le2_var!1), CA(Le1_var!1))"
                                                          "l2"
                                                          "cons(BINARY(LAMBDA (i, j:int): b2n(i <= j)), null[Instruction])"))
                                                        (("4"
                                                          (expand
                                                           "length"
                                                           -1
                                                           3)
                                                          (("4"
                                                            (expand
                                                             "length"
                                                             -1
                                                             3)
                                                            (("4"
                                                              (rewrite
                                                               "append_assoc"
                                                               *
                                                               :dir
                                                               rl)
                                                              (("4"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil)
                                                   ("5"
                                                    (skosimp)
                                                    (("5"
                                                      (expand "CB" 1)
                                                      (("5"
                                                        (lemma
                                                         "length_append"
                                                         ("l1"
                                                          "CB(Neg1_var!1)"
                                                          "l2"
                                                          "cons(UNARY(LAMBDA (i:int): 1 - i), null[Instruction])"))
                                                        (("5"
                                                          (expand
                                                           "length"
                                                           -1
                                                           3)
                                                          (("5"
                                                            (assert)
                                                            nil
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil)
                                                   ("6"
                                                    (skosimp*)
                                                    (("6"
                                                      (expand "CB" 1)
                                                      (("6"
                                                        (rewrite
                                                         "length_append")
                                                        (("6"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil)
                                           ("2"
                                            (expand "CS" 1 3)
                                            (("2"
                                              (expand "CS" 1 3)
                                              (("2"
                                                (expand "CS" 1 4)
                                                (("2"
                                                  (expand "CS" 1 5)
                                                  (("2"
                                                    (propax)
                                                    nil
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((Conditional? adt-recognizer-decl "[Stm -> boolean]" Stm nil)
    (Conditional adt-constructor-decl
     "[[BExp[V], Stm, Stm] -> (Conditional?)]" Stm nil)
    (Sequence? adt-recognizer-decl "[Stm -> boolean]" Stm nil)
    (Sequence adt-constructor-decl "[[Stm, Stm] -> (Sequence?)]" Stm
     nil)
    (While? adt-recognizer-decl "[Stm -> boolean]" Stm nil)
    (While adt-constructor-decl "[[BExp[V], Stm] -> (While?)]" Stm nil)
    (Skip? adt-recognizer-decl "[Stm -> boolean]" Stm nil)
    (Skip adt-constructor-decl "(Skip?)" Stm nil)
    (length def-decl "nat" list_props nil)
    (length_append formula-decl nil list_props nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (BExp_induction formula-decl nil BExp nil)
    (append_assoc formula-decl nil list_props nil)
    (BINARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BINARY adt-constructor-decl "[[[int, int] -> int] -> (BINARY?)]"
     Instruction nil)
    (<= const-decl "bool" reals nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (UNARY adt-constructor-decl "[[int -> int] -> (UNARY?)]"
     Instruction nil)
    (UNARY? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (nnint_plus_nnint_is_nnint application-judgement "nonneg_int"
     integers nil)
    (mult_divides1 application-judgement "(divides(n))" divides nil)
    (mult_divides2 application-judgement "(divides(m))" divides nil)
    (* const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (LOOP? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (LOOP adt-constructor-decl
     "[[list[Instruction], list[Instruction]] -> (LOOP?)]" Instruction
     nil)
    (NOOP? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (NOOP adt-constructor-decl "(NOOP?)" Instruction nil)
    (B def-decl "[State -> bool]" BExp nil)
    (CB def-decl "Code" compiler nil)
    (BRANCH? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BRANCH adt-constructor-decl
     "[[list[Instruction], list[Instruction]] -> (BRANCH?)]"
     Instruction nil)
    (< const-decl "bool" reals nil) (nbit type-eq-decl nil bit nil)
    (b2n const-decl "nbit" bit nil)
    (TRUE const-decl "bool" booleans nil)
    (FALSE const-decl "bool" booleans nil)
    (BExp type-decl nil BExp nil)
    (correct_BExp formula-decl nil bisimulation nil)
    (ac1!1 skolem-const-decl "am[V].Config" bisimulation nil)
    (T? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (assign const-decl "State" State nil)
    (code_partial formula-decl nil am nil)
    (CA def-decl "Code" compiler nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (STORE? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (STORE adt-constructor-decl "[V -> (STORE?)]" Instruction nil)
    (append_null formula-decl nil list_props nil)
    (append def-decl "list[T]" list_props nil)
    (tr_add formula-decl nil am nil) (step const-decl "Config" am nil)
    (top const-decl "int" am nil) (pop const-decl "Stack" am nil)
    (check1 const-decl "bool" am nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (CS def-decl "Code" compiler nil)
    (terminal? const-decl "bool" sos nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (IF const-decl "[boolean, T, T -> T]" if_def nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (A def-decl "[State -> int]" AExp nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (AExp type-decl nil AExp nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (assign const-decl "State" State nil)
    (Stm_induction formula-decl nil Stm nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (tr def-decl "bool" am nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (step def-decl "[Config]" sos nil)
    (posnat nonempty-type-eq-decl nil integers nil)
    (> const-decl "bool" reals nil)
    (nonneg_int nonempty-type-eq-decl nil integers nil)
    (>= const-decl "bool" reals nil)
    (I adt-constructor-decl "[[Stm[V], State[V]] -> (I?)]" sos nil)
    (I? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (~ const-decl "bool" bisimulation nil)
    (Config type-decl nil sos nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (Config nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (int nonempty-type-eq-decl nil integers nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (boolean nonempty-type-decl nil booleans nil)
    (Stm type-decl nil Stm nil))
   shostak))
 (sos_steps 0
  (sos_steps-1 nil 3399106364
   ("" (induct "n")
    (("1" (skosimp*) (("1" (expand "tr") (("1" (propax) nil nil)) nil))
      nil)
     ("2" (skosimp*)
      (("2" (expand "tr" -2)
        (("2" (case-replace "j!1=0")
          (("1" (expand "tr" -3)
            (("1" (hide -2)
              (("1"
                (lemma "sos_step"
                 ("S" "S!1" "s" "s0!1" "ac0"
                  "(CS(S!1),null[int],s0!1)"))
                (("1" (expand "~" -1 1)
                  (("1" (expand "terminal?")
                    (("1" (skosimp)
                      (("1" (replace -4)
                        (("1" (hide -3 -4)
                          (("1" (expand "~")
                            (("1" (expand "terminal?")
                              (("1"
                                (flatten)
                                (("1"
                                  (inst + "pn!1")
                                  (("1"
                                    (case-replace
                                     "(null[Instruction], null[int], s1!1)=ac1!1")
                                    (("1"
                                      (decompose-equality)
                                      nil
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil)
           ("2" (case "j!1>=1")
            (("1" (hide 1)
              (("1"
                (lemma "sos_step"
                 ("S" "S!1" "s" "s0!1" "ac0"
                  "(CS(S!1),null[int],s0!1)"))
                (("1" (expand "~" -1 1)
                  (("1" (expand "terminal?")
                    (("1" (skosimp)
                      (("1" (expand "~")
                        (("1" (expand "terminal?")
                          (("1" (assert)
                            (("1"
                              (case-replace "T?(sos.step(S!1, s0!1))")
                              (("1"
                                (flatten)
                                (("1"
                                  (expand "tr" -8)
                                  (("1"
                                    (flatten)
                                    (("1" (assert) nil nil))
                                    nil))
                                  nil))
                                nil)
                               ("2"
                                (assert)
                                (("2"
                                  (flatten)
                                  (("2"
                                    (case "I?(sos.step(S!1, s0!1))")
                                    (("1"
                                      (hide 1)
                                      (("1"
                                        (inst
                                         -
                                         "S(sos.step(S!1, s0!1))"
                                         "s(sos.step(S!1, s0!1))"
                                         "s1!1")
                                        (("1"
                                          (case-replace
                                           "sos.I(S(sos.step(S!1, s0!1)), s(sos.step(S!1, s0!1)))=step(S!1, s0!1)")
                                          (("1"
                                            (assert)
                                            (("1"
                                              (case-replace
                                               "(CS(S(sos.step(S!1, s0!1))), null[int],
              s(sos.step(S!1, s0!1)))=ac1!1")
                                              (("1"
                                                (hide
                                                 -1
                                                 -2
                                                 -3
                                                 -4
                                                 -5
                                                 -6
                                                 -8
                                                 -10)
                                                (("1"
                                                  (skosimp)
                                                  (("1"
                                                    (inst + "pn!1+m!1")
                                                    (("1"
                                                      (rewrite
                                                       "tr_add"
                                                       1)
                                                      (("1"
                                                        (inst
                                                         +
                                                         "ac1!1")
                                                        (("1"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2"
                                                (decompose-equality)
                                                nil
                                                nil))
                                              nil))
                                            nil)
                                           ("2"
                                            (decompose-equality)
                                            nil
                                            nil))
                                          nil))
                                        nil))
                                      nil)
                                     ("2" (assert) nil nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (assert) nil nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((= const-decl "[T, T -> boolean]" equalities nil)
    (~ const-decl "bool" bisimulation nil)
    (posnat nonempty-type-eq-decl nil integers nil)
    (> const-decl "bool" reals nil)
    (nonneg_int nonempty-type-eq-decl nil integers nil)
    (ac1!1 skolem-const-decl "am[V].Config" bisimulation nil)
    (terminal? const-decl "bool" sos nil)
    (sos_step formula-decl nil bisimulation nil)
    (step def-decl "[Config]" sos nil) (tr_add formula-decl nil am nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (Config_I_extensionality formula-decl nil sos nil)
    (S adt-accessor-decl "[(I?) -> Stm[V]]" sos nil)
    (s adt-accessor-decl "[(I?) -> State[V]]" sos nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (nat_induction formula-decl nil naturalnumbers nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (CS def-decl "Code" compiler nil) (tr def-decl "bool" am nil)
    (Config nonempty-type-eq-decl nil am nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (T adt-constructor-decl "[State[V] -> (T?)]" sos nil)
    (T? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (I adt-constructor-decl "[[Stm[V], State[V]] -> (I?)]" sos nil)
    (I? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (tr def-decl "bool" sos nil) (Config type-decl nil sos nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (State nonempty-type-eq-decl nil State nil)
    (Stm type-decl nil Stm nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (pred type-eq-decl nil defined_types nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (>= const-decl "bool" reals nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (int nonempty-type-eq-decl nil integers nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (boolean nonempty-type-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil))
   shostak))
 (am_step1 0
  (am_step1-1 nil 3399359572
   ("" (induct "S")
    (("1" (skolem + ("x!1" "a!1"))
      (("1" (skosimp)
        (("1" (expand "step")
          (("1" (expand "~")
            (("1" (expand "terminal?")
              (("1" (flatten)
                (("1" (expand "CS" -1)
                  (("1"
                    (case-replace
                     "ac!1=(append(CA(a!1), cons(STORE(x!1), null[Instruction])),null[int],s!1)")
                    (("1" (hide -1 -2 -3 -4)
                      (("1"
                        (case-replace
                         "ac1!1=(null[Instruction],null[int],assign(x!1, A(a!1))(s!1))")
                        (("1" (hide-all-but 1)
                          (("1"
                            (lemma "correct_AExp"
                             ("a" "a!1" "e" "null[int]" "s" "s!1"))
                            (("1" (skosimp)
                              (("1"
                                (inst + "n!1+1")
                                (("1"
                                  (case-replace
                                   "am.tr
          (n!1 + 1)
          ((append(CA(a!1), cons(STORE(x!1), null[Instruction])),
            null[int], s!1),
           (null[Instruction], null[int], assign(x!1, A(a!1))(s!1)))")
                                  (("1"
                                    (skosimp)
                                    (("1"
                                      (expand "<=" -3)
                                      (("1"
                                        (split -3)
                                        (("1"
                                          (lemma
                                           "AExp_e"
                                           ("n"
                                            "n!1"
                                            "a"
                                            "a!1"
                                            "e"
                                            "null[int]"
                                            "s"
                                            "s!1"))
                                          (("1"
                                            (replace -4)
                                            (("1"
                                              (expand "length" -1 2)
                                              (("1"
                                                (case-replace "n!2=0")
                                                (("1"
                                                  (expand "tr" -6)
                                                  (("1"
                                                    (replace -6 1 rl)
                                                    (("1"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil)
                                                 ("2"
                                                  (replace 1 2)
                                                  (("2"
                                                    (assert)
                                                    (("2"
                                                      (lemma
                                                       "tr_add"
                                                       ("k1"
                                                        "n!2"
                                                        "k2"
                                                        "n!1-n!2"
                                                        "cf0"
                                                        "(CA(a!1), null[int], s!1)"
                                                        "cf2"
                                                        "(null[Instruction], cons(A(a!1)(s!1), null[int]), s!1)"))
                                                      (("2"
                                                        (assert)
                                                        (("2"
                                                          (skosimp)
                                                          (("2"
                                                            (inst
                                                             -
                                                             "cf1!1"
                                                             "n!2")
                                                            (("2"
                                                              (assert)
                                                              (("2"
                                                                (lemma
                                                                 "code_partial"
                                                                 ("c0"
                                                                  "CA(a!1)"
                                                                  "e0"
                                                                  "null[int]"
                                                                  "s0"
                                                                  "s!1"
                                                                  "c1"
                                                                  "cf1!1`1"
                                                                  "e1"
                                                                  "cf1!1`2"
                                                                  "s1"
                                                                  "cf1!1`3"
                                                                  "c2"
                                                                  "cons(STORE(x!1), null[Instruction])"
                                                                  "e2"
                                                                  "null[int]"
                                                                  "k"
                                                                  "n!2"))
                                                                (("2"
                                                                  (assert)
                                                                  (("2"
                                                                    (case-replace
                                                                     "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                    (("1"
                                                                      (replace
                                                                       -3)
                                                                      (("1"
                                                                        (rewrite
                                                                         "append_null")
                                                                        (("1"
                                                                          (rewrite
                                                                           "append_null")
                                                                          (("1"
                                                                            (name-replace
                                                                             "CF0"
                                                                             "(append(CA(a!1), cons(STORE(x!1), null[Instruction])), null[int],
          s!1)")
                                                                            (("1"
                                                                              (hide-all-but
                                                                               (-2
                                                                                -5
                                                                                -9
                                                                                -10))
                                                                              (("1"
                                                                                (lemma
                                                                                 "tr_eq"
                                                                                 ("k"
                                                                                  "n!2"
                                                                                  "cf0"
                                                                                  "CF0"
                                                                                  "cf1"
                                                                                  "(append(cf1!1`1, cons(STORE(x!1), null[Instruction])), cf1!1`2,
          cf1!1`3)"
                                                                                  "cf2"
                                                                                  "ac2!1"))
                                                                                (("1"
                                                                                  (assert)
                                                                                  (("1"
                                                                                    (replace
                                                                                     -1
                                                                                     -5
                                                                                     rl)
                                                                                    (("1"
                                                                                      (assert)
                                                                                      (("1"
                                                                                        (lemma
                                                                                         "length_is_0"
                                                                                         ("l"
                                                                                          "cf1!1`2"))
                                                                                        (("1"
                                                                                          (assert)
                                                                                          nil
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil)
                                                                     ("2"
                                                                      (decompose-equality)
                                                                      nil
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (replace -1)
                                          (("2"
                                            (simplify 1)
                                            (("2"
                                              (name-replace
                                               "CF0"
                                               "(append(CA(a!1), cons(STORE(x!1), null[Instruction])),
            null[int], s!1)")
                                              (("2"
                                                (expand "assign")
                                                (("2"
                                                  (expand "assign")
                                                  (("2"
                                                    (lemma
                                                     "tr_eq"
                                                     ("k"
                                                      "n!1+1"
                                                      "cf0"
                                                      "CF0"
                                                      "cf1"
                                                      "(null[Instruction], null[int], LAMBDA (y:V): IF y = x!1 THEN A(a!1)(s!1) ELSE s!1(y) ENDIF)"
                                                      "cf2"
                                                      "ac2!1"))
                                                    (("2"
                                                      (assert)
                                                      nil
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2"
                                    (hide 2)
                                    (("2"
                                      (lemma
                                       "code_partial"
                                       ("k"
                                        "n!1"
                                        "c0"
                                        "CA(a!1)"
                                        "e0"
                                        "null[int]"
                                        "s0"
                                        "s!1"
                                        "c1"
                                        "null[Instruction]"
                                        "e1"
                                        "cons(A(a!1)(s!1), null[int])"
                                        "s1"
                                        "s!1"
                                        "c2"
                                        "cons(STORE(x!1), null[Instruction])"
                                        "e2"
                                        "null[int]"))
                                      (("2"
                                        (assert)
                                        (("2"
                                          (rewrite "append_null")
                                          (("2"
                                            (rewrite "append_null")
                                            (("2"
                                              (expand "append" -1 2)
                                              (("2"
                                                (expand "assign")
                                                (("2"
                                                  (expand "assign")
                                                  (("2"
                                                    (lemma
                                                     "tr_add"
                                                     ("k1"
                                                      "n!1"
                                                      "k2"
                                                      "1"
                                                      "cf0"
                                                      "(append(CA(a!1), cons(STORE(x!1), null[Instruction])), null[int],
          s!1)"
                                                      "cf2"
                                                      "(null[Instruction], null[int],
            LAMBDA (y:V): IF y = x!1 THEN A(a!1)(s!1) ELSE s!1(y) ENDIF)"))
                                                    (("2"
                                                      (replace -1 1)
                                                      (("2"
                                                        (hide -1 -3)
                                                        (("2"
                                                          (inst
                                                           +
                                                           "(cons(STORE(x!1), null[Instruction]),
          cons(A(a!1)(s!1), null[int]), s!1)")
                                                          (("2"
                                                            (replace
                                                             -1)
                                                            (("2"
                                                              (hide -1)
                                                              (("2"
                                                                (expand
                                                                 "tr")
                                                                (("2"
                                                                  (expand
                                                                   "tr")
                                                                  (("2"
                                                                    (expand
                                                                     "step")
                                                                    (("2"
                                                                      (expand
                                                                       "check1")
                                                                      (("2"
                                                                        (expand
                                                                         "pop")
                                                                        (("2"
                                                                          (expand
                                                                           "assign")
                                                                          (("2"
                                                                            (expand
                                                                             "top")
                                                                            (("2"
                                                                              (propax)
                                                                              nil
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (decompose-equality) nil nil))
                        nil))
                      nil)
                     ("2" (decompose-equality) nil nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("2" (skosimp*)
      (("2" (expand "step")
        (("2" (expand "~")
          (("2" (expand "terminal?")
            (("2" (flatten)
              (("2" (expand "CS")
                (("2"
                  (case-replace
                   "ac!1=(cons(NOOP, null[Instruction]),null[int],s!1)")
                  (("1" (hide -1 -2 -3 -4)
                    (("1"
                      (case-replace
                       "ac1!1=(null[Instruction],null[int],s!1)")
                      (("1" (hide -1 -2 -3 -4)
                        (("1" (inst + "1")
                          (("1" (expand "tr")
                            (("1" (expand "step")
                              (("1"
                                (expand "tr" 1 1)
                                (("1"
                                  (skosimp)
                                  (("1"
                                    (case-replace "n!1=0")
                                    (("1" (assert) nil nil)
                                     ("2"
                                      (case-replace "n!1=1")
                                      (("1"
                                        (assert)
                                        (("1"
                                          (expand "tr")
                                          (("1" (assert) nil nil))
                                          nil))
                                        nil)
                                       ("2" (assert) nil nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil)
                       ("2" (decompose-equality) nil nil))
                      nil))
                    nil)
                   ("2" (decompose-equality) nil nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("3" (skolem + ("S!1" "S!2"))
      (("3" (skosimp*)
        (("3" (hide -2)
          (("3" (inst - "_" "_" "s!1")
            (("3" (expand "~")
              (("3" (expand "terminal?")
                (("3" (flatten)
                  (("3"
                    (case-replace
                     "ac!1=(CS(Sequence(S!1, S!2)),null[int],s!1)")
                    (("1" (hide -3 -1 -4 -5)
                      (("1"
                        (case-replace
                         "T?(sos.step(Sequence(S!1, S!2), s!1))")
                        (("1" (flatten)
                          (("1" (hide-all-but -1)
                            (("1" (expand "step")
                              (("1"
                                (case-replace "T?(step(S!1, s!1))")
                                (("1" (assert) nil nil)
                                 ("2" (assert) nil nil))
                                nil))
                              nil))
                            nil))
                          nil)
                         ("2" (replace 1)
                          (("2"
                            (case "I?(sos.step(Sequence(S!1, S!2), s!1))")
                            (("1" (hide 1)
                              (("1"
                                (flatten)
                                (("1"
                                  (case-replace
                                   "ac1!1=(CS(S(sos.step(Sequence(S!1, S!2), s!1))),null[int],s(sos.step(Sequence(S!1, S!2), s!1)))")
                                  (("1"
                                    (hide -1 -4 -5 -6)
                                    (("1"
                                      (inst
                                       -
                                       "(CS(S!1),null[int],s!1)"
                                       "_")
                                      (("1"
                                        (case-replace
                                         "T?(sos.step(S!1, s!1))")
                                        (("1"
                                          (inst
                                           -
                                           "(null[Instruction],null[int],s1(sos.step(S!1, s!1)))")
                                          (("1"
                                            (skosimp)
                                            (("1"
                                              (inst + "pn!1")
                                              (("1"
                                                (expand "CS" 1 3)
                                                (("1"
                                                  (expand "step" 1)
                                                  (("1"
                                                    (assert)
                                                    (("1"
                                                      (expand "CS" 1 1)
                                                      (("1"
                                                        (lemma
                                                         "code_partial"
                                                         ("k"
                                                          "pn!1"
                                                          "c0"
                                                          "CS(S!1)"
                                                          "e0"
                                                          "null[int]"
                                                          "s0"
                                                          "s!1"
                                                          "c1"
                                                          "null[Instruction]"
                                                          "e1"
                                                          "null[int]"
                                                          "s1"
                                                          "s1(sos.step(S!1, s!1))"
                                                          "c2"
                                                          "CS(S!2)"
                                                          "e2"
                                                          "null[int]"))
                                                        (("1"
                                                          (replace -4)
                                                          (("1"
                                                            (rewrite
                                                             "append_null")
                                                            (("1"
                                                              (expand
                                                               "append"
                                                               -1
                                                               2)
                                                              (("1"
                                                                (replace
                                                                 -1)
                                                                (("1"
                                                                  (skosimp)
                                                                  (("1"
                                                                    (lemma
                                                                     "tr_add"
                                                                     ("k1"
                                                                      "n!1"
                                                                      "k2"
                                                                      "pn!1-n!1"
                                                                      "cf0"
                                                                      "(CS(S!1),null[int], s!1)"
                                                                      "cf2"
                                                                      "(null[Instruction], null[int], s1(sos.step(S!1, s!1)))"))
                                                                    (("1"
                                                                      (replace
                                                                       -5)
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (skosimp)
                                                                          (("1"
                                                                            (inst
                                                                             -
                                                                             "n!1"
                                                                             "cf1!1")
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (lemma
                                                                                 "code_partial"
                                                                                 ("c0"
                                                                                  "CS(S!1)"
                                                                                  "e0"
                                                                                  "null[int]"
                                                                                  "s0"
                                                                                  "s!1"
                                                                                  "c1"
                                                                                  "cf1!1`1"
                                                                                  "e1"
                                                                                  "cf1!1`2"
                                                                                  "s1"
                                                                                  "cf1!1`3"
                                                                                  "c2"
                                                                                  "CS(S!2)"
                                                                                  "e2"
                                                                                  "null[int]"
                                                                                  "k"
                                                                                  "n!1"))
                                                                                (("1"
                                                                                  (case-replace
                                                                                   "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                  (("1"
                                                                                    (replace
                                                                                     -3)
                                                                                    (("1"
                                                                                      (rewrite
                                                                                       "append_null")
                                                                                      (("1"
                                                                                        (rewrite
                                                                                         "append_null")
                                                                                        (("1"
                                                                                          (lemma
                                                                                           "tr_eq"
                                                                                           ("k"
                                                                                            "n!1"
                                                                                            "cf0"
                                                                                            "(append(CS(S!1), CS(S!2)), null[int], s!1)"
                                                                                            "cf1"
                                                                                            "(append(cf1!1`1, CS(S!2)), cf1!1`2, cf1!1`3)"
                                                                                            "cf2"
                                                                                            "ac2!1"))
                                                                                          (("1"
                                                                                            (assert)
                                                                                            (("1"
                                                                                              (replace
                                                                                               -1
                                                                                               1
                                                                                               rl)
                                                                                              (("1"
                                                                                                (assert)
                                                                                                nil
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil)
                                                                                   ("2"
                                                                                    (decompose-equality)
                                                                                    nil
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil)
                                                                     ("2"
                                                                      (assert)
                                                                      nil
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil)
                                         ("2"
                                          (assert)
                                          (("2"
                                            (case
                                             "I?(sos.step(S!1, s!1))")
                                            (("1"
                                              (hide 1)
                                              (("1"
                                                (inst
                                                 -
                                                 "(CS(S(sos.step(S!1, s!1))),null[int],s(sos.step(S!1, s!1)))")
                                                (("1"
                                                  (skosimp)
                                                  (("1"
                                                    (inst + "pn!1")
                                                    (("1"
                                                      (expand "step" 1)
                                                      (("1"
                                                        (expand "CS" 1)
                                                        (("1"
                                                          (lemma
                                                           "code_partial"
                                                           ("k"
                                                            "pn!1"
                                                            "c0"
                                                            "CS(S!1)"
                                                            "e0"
                                                            "null[int]"
                                                            "s0"
                                                            "s!1"
                                                            "c1"
                                                            "CS(S(sos.step(S!1, s!1)))"
                                                            "e1"
                                                            "null[int]"
                                                            "s1"
                                                            "s(sos.step(S!1, s!1))"
                                                            "c2"
                                                            "CS(S!2)"
                                                            "e2"
                                                            "null[int]"))
                                                          (("1"
                                                            (replace
                                                             -4)
                                                            (("1"
                                                              (rewrite
                                                               "append_null")
                                                              (("1"
                                                                (replace
                                                                 -1)
                                                                (("1"
                                                                  (skosimp)
                                                                  (("1"
                                                                    (inst
                                                                     -
                                                                     "n!1"
                                                                     "_")
                                                                    (("1"
                                                                      (lemma
                                                                       "tr_add"
                                                                       ("k1"
                                                                        "n!1"
                                                                        "k2"
                                                                        "pn!1-n!1"
                                                                        "cf0"
                                                                        "(CS(S!1), null[int], s!1)"
                                                                        "cf2"
                                                                        "(CS(S(sos.step(S!1, s!1))), null[int], s(sos.step(S!1, s!1)))"))
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (skosimp)
                                                                          (("1"
                                                                            (inst
                                                                             -
                                                                             "cf1!1")
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (lemma
                                                                                 "code_partial"
                                                                                 ("k"
                                                                                  "n!1"
                                                                                  "c0"
                                                                                  "CS(S!1)"
                                                                                  "e0"
                                                                                  "null[int]"
                                                                                  "s0"
                                                                                  "s!1"
                                                                                  "c1"
                                                                                  "cf1!1`1"
                                                                                  "e1"
                                                                                  "cf1!1`2"
                                                                                  "s1"
                                                                                  "cf1!1`3"
                                                                                  "c2"
                                                                                  "CS(S!2)"
                                                                                  "e2"
                                                                                  "null[int]"))
                                                                                (("1"
                                                                                  (assert)
                                                                                  (("1"
                                                                                    (case-replace
                                                                                     "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                    (("1"
                                                                                      (assert)
                                                                                      (("1"
                                                                                        (rewrite
                                                                                         "append_null")
                                                                                        (("1"
                                                                                          (rewrite
                                                                                           "append_null")
                                                                                          (("1"
                                                                                            (lemma
                                                                                             "tr_eq"
                                                                                             ("k"
                                                                                              "n!1"
                                                                                              "cf0"
                                                                                              "(append(CS(S!1), CS(S!2)), null[int], s!1)"
                                                                                              "cf1"
                                                                                              "(append(cf1!1`1, CS(S!2)), cf1!1`2, cf1!1`3)"
                                                                                              "cf2"
                                                                                              "ac2!1"))
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (replace
                                                                                                 -1
                                                                                                 1
                                                                                                 rl)
                                                                                                (("1"
                                                                                                  (assert)
                                                                                                  nil
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil)
                                                                                     ("2"
                                                                                      (decompose-equality)
                                                                                      nil
                                                                                      nil))
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil)
                                                                       ("2"
                                                                        (assert)
                                                                        nil
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil)
                                             ("2" (assert) nil nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil)
                                   ("2" (decompose-equality) nil nil))
                                  nil))
                                nil))
                              nil)
                             ("2" (assert) nil nil))
                            nil))
                          nil))
                        nil))
                      nil)
                     ("2" (decompose-equality) nil nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("4" (skolem + ("b!1" "S!1" "S!2"))
      (("4" (skosimp*)
        (("4" (hide -1 -2)
          (("4" (expand "step")
            (("4" (expand "~")
              (("4" (expand "terminal?")
                (("4" (flatten)
                  (("4" (expand "CS" -1)
                    (("4"
                      (lemma "correct_BExp"
                       ("b" "b!1" "s" "s!1" "e" "null[int]"))
                      (("4" (skosimp)
                        (("4" (inst + "n!1+1")
                          (("4"
                            (case-replace
                             "ac!1=(append(CB(b!1), cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),null[int],s!1)")
                            (("1" (hide -1 -3 -4 -5)
                              (("1"
                                (case-replace
                                 "ac1!1=(IF B(b!1)(s!1) THEN CS(S!1) ELSE CS(S!2) ENDIF,null[int],s!1)")
                                (("1"
                                  (hide -1 -3 -4 -5)
                                  (("1"
                                    (lemma
                                     "code_partial"
                                     ("c0"
                                      "CB(b!1)"
                                      "e0"
                                      "null[int]"
                                      "s0"
                                      "s!1"
                                      "c1"
                                      "null[Instruction]"
                                      "e1"
                                      "cons(b2n(B(b!1)(s!1)), null[int])"
                                      "s1"
                                      "s!1"
                                      "c2"
                                      "cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])"
                                      "e2"
                                      "null[int]"
                                      "k"
                                      "n!1"))
                                    (("1"
                                      (replace -2)
                                      (("1"
                                        (rewrite "append_null")
                                        (("1"
                                          (rewrite "append_null")
                                          (("1"
                                            (expand "append" -1 2)
                                            (("1"
                                              (case-replace
                                               "am.tr
          (n!1 + 1)
          ((append(CB(b!1),
                   cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),
            null[int], s!1),
           (IF B(b!1)(s!1) THEN CS(S!1) ELSE CS(S!2) ENDIF, null[int],
            s!1))")
                                              (("1"
                                                (hide -2)
                                                (("1"
                                                  (skosimp*)
                                                  (("1"
                                                    (case-replace
                                                     "n!2=0")
                                                    (("1"
                                                      (expand "tr" -5)
                                                      (("1"
                                                        (replace
                                                         -5
                                                         1
                                                         rl)
                                                        (("1"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (case-replace
                                                       "n!2=n!1+1")
                                                      (("1"
                                                        (name-replace
                                                         "CF0"
                                                         "(append(CB(b!1),
                   cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),
            null[int], s!1)")
                                                        (("1"
                                                          (hide
                                                           -1
                                                           -3
                                                           -4
                                                           1)
                                                          (("1"
                                                            (simplify)
                                                            (("1"
                                                              (lemma
                                                               "tr_eq"
                                                               ("k"
                                                                "1+n!1"
                                                                "cf0"
                                                                "CF0"
                                                                "cf1"
                                                                "(IF B(b!1)(s!1) THEN CS(S!1) ELSE CS(S!2) ENDIF, null[int], s!1)"
                                                                "cf2"
                                                                "ac2!1"))
                                                              (("1"
                                                                (assert)
                                                                (("1"
                                                                  (replace
                                                                   -2
                                                                   -1)
                                                                  (("1"
                                                                    (replace
                                                                     -1
                                                                     1
                                                                     rl)
                                                                    (("1"
                                                                      (assert)
                                                                      nil
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil)
                                                       ("2"
                                                        (assert)
                                                        (("2"
                                                          (case
                                                           "1<=n!2&n!2<=n!1")
                                                          (("1"
                                                            (flatten)
                                                            (("1"
                                                              (hide
                                                               -5
                                                               1
                                                               2)
                                                              (("1"
                                                                (lemma
                                                                 "BExp_e"
                                                                 ("n"
                                                                  "n!1"
                                                                  "b"
                                                                  "b!1"
                                                                  "e"
                                                                  "null[int]"
                                                                  "s"
                                                                  "s!1"
                                                                  "pn"
                                                                  "n!2"))
                                                                (("1"
                                                                  (replace
                                                                   -5)
                                                                  (("1"
                                                                    (expand
                                                                     "length"
                                                                     -1
                                                                     2)
                                                                    (("1"
                                                                      (lemma
                                                                       "tr_add"
                                                                       ("k1"
                                                                        "n!2"
                                                                        "k2"
                                                                        "n!1-n!2"
                                                                        "cf0"
                                                                        "(CB(b!1), null[int], s!1)"
                                                                        "cf2"
                                                                        "(null[Instruction], cons(b2n(B(b!1)(s!1)), null[int]), s!1)"))
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (skosimp)
                                                                          (("1"
                                                                            (inst
                                                                             -
                                                                             "cf1!1")
                                                                            (("1"
                                                                              (assert)
                                                                              (("1"
                                                                                (lemma
                                                                                 "code_partial"
                                                                                 ("c0"
                                                                                  "CB(b!1)"
                                                                                  "e0"
                                                                                  "null[int]"
                                                                                  "s0"
                                                                                  "s!1"
                                                                                  "c1"
                                                                                  "cf1!1`1"
                                                                                  "e1"
                                                                                  "cf1!1`2"
                                                                                  "s1"
                                                                                  "cf1!1`3"
                                                                                  "c2"
                                                                                  "cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])"
                                                                                  "e2"
                                                                                  "null[int]"
                                                                                  "k"
                                                                                  "n!2"))
                                                                                (("1"
                                                                                  (case-replace
                                                                                   "(cf1!1`1, cf1!1`2, cf1!1`3)=cf1!1")
                                                                                  (("1"
                                                                                    (assert)
                                                                                    (("1"
                                                                                      (rewrite
                                                                                       "append_null")
                                                                                      (("1"
                                                                                        (rewrite
                                                                                         "append_null")
                                                                                        (("1"
                                                                                          (name-replace
                                                                                           "CF0"
                                                                                           "(append(CB(b!1),
                 cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),
          null[int], s!1)")
                                                                                          (("1"
                                                                                            (lemma
                                                                                             "tr_eq"
                                                                                             ("k"
                                                                                              "n!2"
                                                                                              "cf0"
                                                                                              "CF0"
                                                                                              "cf1"
                                                                                              "(append(cf1!1`1,
                 cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),
          cf1!1`2, cf1!1`3)"
                                                                                              "cf2"
                                                                                              "ac2!1"))
                                                                                            (("1"
                                                                                              (assert)
                                                                                              (("1"
                                                                                                (replace
                                                                                                 -1
                                                                                                 -12
                                                                                                 rl)
                                                                                                (("1"
                                                                                                  (assert)
                                                                                                  (("1"
                                                                                                    (hide-all-but
                                                                                                     (-6
                                                                                                      -12))
                                                                                                    (("1"
                                                                                                      (lemma
                                                                                                       "length_is_0"
                                                                                                       ("l"
                                                                                                        "cf1!1`2"))
                                                                                                      (("1"
                                                                                                        (assert)
                                                                                                        nil
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil))
                                                                                    nil)
                                                                                   ("2"
                                                                                    (decompose-equality)
                                                                                    nil
                                                                                    nil))
                                                                                  nil))
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil)
                                                           ("2"
                                                            (hide
                                                             -1
                                                             -2
                                                             -4
                                                             -5)
                                                            (("2"
                                                              (assert)
                                                              nil
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2"
                                                (hide 2)
                                                (("2"
                                                  (lemma
                                                   "tr_add"
                                                   ("k1"
                                                    "n!1"
                                                    "k2"
                                                    "1"
                                                    "cf0"
                                                    "(append(CB(b!1),
                 cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction])),
          null[int], s!1)"
                                                    "cf2"
                                                    "(IF B(b!1)(s!1) THEN CS(S!1) ELSE CS(S!2) ENDIF, null[int],
            s!1)"))
                                                  (("2"
                                                    (replace -1)
                                                    (("2"
                                                      (hide -1)
                                                      (("2"
                                                        (inst
                                                         +
                                                         "(cons(BRANCH(CS(S!1), CS(S!2)), null[Instruction]),
          cons(b2n(B(b!1)(s!1)), null[int]), s!1)")
                                                        (("2"
                                                          (replace -1)
                                                          (("2"
                                                            (hide
                                                             -1
                                                             -2)
                                                            (("2"
                                                              (expand
                                                               "tr")
                                                              (("2"
                                                                (expand
                                                                 "step")
                                                                (("2"
                                                                  (expand
                                                                   "check1")
                                                                  (("2"
                                                                    (expand
                                                                     "tr")
                                                                    (("2"
                                                                      (expand
                                                                       "top")
                                                                      (("2"
                                                                        (expand
                                                                         "pop")
                                                                        (("2"
                                                                          (case-replace
                                                                           "B(b!1)(s!1)")
                                                                          (("1"
                                                                            (expand
                                                                             "b2n")
                                                                            (("1"
                                                                              (rewrite
                                                                               "append_null")
                                                                              nil
                                                                              nil))
                                                                            nil)
                                                                           ("2"
                                                                            (assert)
                                                                            (("2"
                                                                              (expand
                                                                               "b2n")
                                                                              (("2"
                                                                                (rewrite
                                                                                 "append_null")
                                                                                nil
                                                                                nil))
                                                                              nil))
                                                                            nil))
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil)
                                 ("2" (decompose-equality) nil nil))
                                nil))
                              nil)
                             ("2" (decompose-equality) nil nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil)
     ("5" (skolem + ("b!1" "S!1"))
      (("5" (skosimp*)
        (("5" (expand "step" -3)
          (("5" (hide -1)
            (("5" (expand "~")
              (("5" (expand "terminal?")
                (("5" (flatten)
                  (("5" (expand "CS")
                    (("5" (expand "CS" -4)
                      (("5" (expand "CS" -4 2)
                        (("5" (inst + "1")
                          (("5" (expand "tr" 1)
                            (("5" (assert)
                              (("5"
                                (expand "step" 1)
                                (("5"
                                  (replace -1)
                                  (("5"
                                    (assert)
                                    (("5"
                                      (expand "tr" 1 1)
                                      (("5"
                                        (name-replace
                                         "CODE0"
                                         "cons(LOOP(CB(b!1), CS(S!1)), null[Instruction])")
                                        (("5"
                                          (name-replace
                                           "CODE1"
                                           "append(CB(b!1),
              cons(BRANCH(append(CS(S!1), CODE0), cons(NOOP, null[Instruction])), null[Instruction]))")
                                          (("5"
                                            (case-replace
                                             "(CODE1, ac!1`2, ac!1`3) = ac1!1")
                                            (("1"
                                              (case-replace
                                               "ac!1 = ac1!1")
                                              (("1"
                                                (decompose-equality)
                                                (("1"
                                                  (replace -6)
                                                  (("1"
                                                    (hide-all-but -3)
                                                    (("1"
                                                      (expand "CODE1")
                                                      (("1"
                                                        (expand
                                                         "CODE0")
                                                        (("1"
                                                          (lemma
                                                           "nonnull_CB"
                                                           ("b" "b!1"))
                                                          (("1"
                                                            (lemma
                                                             "length_append"
                                                             ("l1"
                                                              "CB(b!1)"
                                                              "l2"
                                                              "cons(BRANCH(append(CS(S!1),
                                cons(LOOP(CB(b!1), CS(S!1)),
                                     null[Instruction])),
                         cons(NOOP, null[Instruction])),
                  null[Instruction])"))
                                                            (("1"
                                                              (replace
                                                               -2)
                                                              (("1"
                                                                (expand
                                                                 "length"
                                                                 -1
                                                                 1)
                                                                (("1"
                                                                  (expand
                                                                   "length"
                                                                   -1
                                                                   1)
                                                                  (("1"
                                                                    (expand
                                                                     "length"
                                                                     -1
                                                                     2)
                                                                    (("1"
                                                                      (expand
                                                                       "length"
                                                                       -1
                                                                       2)
                                                                      (("1"
                                                                        (lemma
                                                                         "length_is_0"
                                                                         ("l"
                                                                          "CB(b!1)"))
                                                                        (("1"
                                                                          (assert)
                                                                          nil
                                                                          nil))
                                                                        nil))
                                                                      nil))
                                                                    nil))
                                                                  nil))
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil)
                                               ("2"
                                                (assert)
                                                (("2"
                                                  (skosimp)
                                                  (("2"
                                                    (case-replace
                                                     "n!1=0")
                                                    (("1"
                                                      (replace
                                                       -10
                                                       *
                                                       rl)
                                                      (("1"
                                                        (replace -4)
                                                        (("1"
                                                          (assert)
                                                          nil
                                                          nil))
                                                        nil))
                                                      nil)
                                                     ("2"
                                                      (case-replace
                                                       "n!1=1")
                                                      (("1"
                                                        (assert)
                                                        (("1"
                                                          (expand
                                                           "tr"
                                                           -10)
                                                          (("1"
                                                            (replace
                                                             -10
                                                             *
                                                             rl)
                                                            (("1"
                                                              (replace
                                                               -7)
                                                              (("1"
                                                                (assert)
                                                                nil
                                                                nil))
                                                              nil))
                                                            nil))
                                                          nil))
                                                        nil)
                                                       ("2"
                                                        (assert)
                                                        nil
                                                        nil))
                                                      nil))
                                                    nil))
                                                  nil))
                                                nil))
                                              nil)
                                             ("2"
                                              (decompose-equality)
                                              nil
                                              nil))
                                            nil))
                                          nil))
                                        nil))
                                      nil))
                                    nil))
                                  nil))
                                nil))
                              nil))
                            nil))
                          nil))
                        nil))
                      nil))
                    nil))
                  nil))
                nil))
              nil))
            nil))
          nil))
        nil))
      nil))
    nil)
   ((CODE1 skolem-const-decl "list[Instruction[V]]" bisimulation nil)
    (nonnull_CB formula-decl nil compiler nil)
    (length_append formula-decl nil list_props nil)
    (CODE0 skolem-const-decl "(cons?[Instruction[V]])" bisimulation
     nil)
    (LOOP? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (LOOP adt-constructor-decl
     "[[list[Instruction], list[Instruction]] -> (LOOP?)]" Instruction
     nil)
    (correct_BExp formula-decl nil bisimulation nil)
    (BExp type-decl nil BExp nil)
    (BExp_e formula-decl nil bisimulation nil)
    (b2n const-decl "nbit" bit nil) (nbit type-eq-decl nil bit nil)
    (< const-decl "bool" reals nil)
    (B def-decl "[State -> bool]" BExp nil)
    (CB def-decl "Code" compiler nil)
    (BRANCH? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (BRANCH adt-constructor-decl
     "[[list[Instruction], list[Instruction]] -> (BRANCH?)]"
     Instruction nil)
    (s adt-accessor-decl "[(I?) -> State[V]]" sos nil)
    (S adt-accessor-decl "[(I?) -> Stm[V]]" sos nil)
    (S!1 skolem-const-decl "Stm[V]" bisimulation nil)
    (s!1 skolem-const-decl "State[V]" bisimulation nil)
    (s1 adt-accessor-decl "[(T?) -> State[V]]" sos nil)
    (minus_odd_is_odd application-judgement "odd_int" integers nil)
    (T? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (Sequence? adt-recognizer-decl "[Stm -> boolean]" Stm nil)
    (Sequence adt-constructor-decl "[[Stm, Stm] -> (Sequence?)]" Stm
     nil)
    (NOOP adt-constructor-decl "(NOOP?)" Instruction nil)
    (NOOP? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (odd_minus_odd_is_even application-judgement "even_int" integers
     nil)
    (terminal? const-decl "bool" sos nil)
    (CS def-decl "Code" compiler nil)
    (int_minus_int_is_int application-judgement "int" integers nil)
    (assign const-decl "State" State nil)
    (IF const-decl "[boolean, T, T -> T]" if_def nil)
    (AExp_e formula-decl nil bisimulation nil)
    (length def-decl "nat" list_props nil)
    (tr_add formula-decl nil am nil)
    (- const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (real_ge_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (real_le_is_total_order name-judgement "(total_order?[real])"
     real_props nil)
    (length_is_0 formula-decl nil list_props_aux nil)
    (tr_eq formula-decl nil am nil)
    (append_null formula-decl nil list_props nil)
    (code_partial formula-decl nil am nil)
    (real_gt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (int_plus_int_is_int application-judgement "int" integers nil)
    (posint_plus_nnint_is_posint application-judgement "posint"
     integers nil)
    (real_lt_is_strict_total_order name-judgement
     "(strict_total_order?[real])" real_props nil)
    (check1 const-decl "bool" am nil) (top const-decl "int" am nil)
    (pop const-decl "Stack" am nil) (step const-decl "Config" am nil)
    (numfield nonempty-type-eq-decl nil number_fields nil)
    (+ const-decl "[numfield, numfield -> numfield]" number_fields nil)
    (nnint_plus_posint_is_posint application-judgement "posint"
     integers nil)
    (correct_AExp formula-decl nil bisimulation nil)
    (assign const-decl "State" State nil)
    (A def-decl "[State -> int]" AExp nil)
    (append def-decl "list[T]" list_props nil)
    (AExp type-decl nil AExp nil) (CA def-decl "Code" compiler nil)
    (cons? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (cons adt-constructor-decl "[[T, list] -> (cons?)]" list_adt nil)
    (STORE? adt-recognizer-decl "[Instruction -> boolean]" Instruction
     nil)
    (STORE adt-constructor-decl "[V -> (STORE?)]" Instruction nil)
    (null adt-constructor-decl "(null?)" list_adt nil)
    (Stm_induction formula-decl nil Stm nil)
    (V formal-nonempty-type-decl nil bisimulation nil)
    (= const-decl "[T, T -> boolean]" equalities nil)
    (OR const-decl "[bool, bool -> bool]" booleans nil)
    (null? adt-recognizer-decl "[list -> boolean]" list_adt nil)
    (IFF const-decl "[bool, bool -> bool]" booleans nil)
    (<= const-decl "bool" reals nil) (tr def-decl "bool" am nil)
    (nat nonempty-type-eq-decl nil naturalnumbers nil)
    (posnat nonempty-type-eq-decl nil integers nil)
    (> const-decl "bool" reals nil)
    (nonneg_int nonempty-type-eq-decl nil integers nil)
    (>= const-decl "bool" reals nil) (step def-decl "[Config]" sos nil)
    (I adt-constructor-decl "[[Stm[V], State[V]] -> (I?)]" sos nil)
    (I? adt-recognizer-decl "[Config -> boolean]" sos nil)
    (~ const-decl "bool" bisimulation nil)
    (Config type-decl nil sos nil)
    (IMPLIES const-decl "[bool, bool -> bool]" booleans nil)
    (Config nonempty-type-eq-decl nil am nil)
    (State nonempty-type-eq-decl nil State nil)
    (int nonempty-type-eq-decl nil integers nil)
    (Stack nonempty-type-eq-decl nil am nil)
    (integer_pred const-decl "[rational -> boolean]" integers nil)
    (rational nonempty-type-from-decl nil rationals nil)
    (rational_pred const-decl "[real -> boolean]" rationals nil)
    (real nonempty-type-from-decl nil reals nil)
    (real_pred const-decl "[number_field -> boolean]" reals nil)
    (number_field nonempty-type-from-decl nil number_fields nil)
    (number_field_pred const-decl "[number -> boolean]" number_fields
     nil)
    (AND const-decl "[bool, bool -> bool]" booleans nil)
    (every adt-def-decl "boolean" list_adt nil)
    (PRED type-eq-decl nil defined_types nil)
    (bool nonempty-type-eq-decl nil booleans nil)
    (number nonempty-type-decl nil numbers nil)
    (Code nonempty-type-eq-decl nil Instruction nil)
    (list type-decl nil list_adt nil)
    (Instruction type-decl nil Instruction nil)
    (boolean nonempty-type-decl nil booleans nil)
    (Stm type-decl nil Stm nil))
   shostak))
 (am_steps 0
  (am_steps-1 nil 3399357571
   (""
    (lemma "NAT_induction"
     ("p" "lambda (m:nat): FORALL (S: Stm, s0, s1: State):
        am.tr
            (m)((CS(S), null[int], s0), (null[Instruction], null[int], s1))
         => (EXISTS n: sos.tr(n)(sos.I(S, s0), T(s1)))"))
    (("" (split)
      (("1" (skosimp)
        (("1" (inst - "m!1")
          (("1" (inst - "S!1" "s0!1" "s1!1") (("1" (assert) nil nil))
            nil))
          nil))
        nil)
       ("2" (hide 2)
        (("2" (skosimp*)
          (("2" (case-replace "j!1=0")
            (("1" (inst + "0")
              (("1" (hide -1 -2)
                (("1" (expand "tr")
                  (("1" (flatten)
                    (("1" (lemma "nonnull_CS" ("S" "S!1"))
                      (("1" (assert) nil nil)) nil))
                    nil))
                  nil))
                nil))
              nil)
             ("2" (case "j!1>=1")
              (("1" (hide 1)
                (("1" (case "T?(step(S!1, s0!1))")
                  (("1" (inst + "1")
                    (("1" (expand "tr" 1)
                      (("1" (expand "tr" 1)
                        (("1" (hide-all-but (-1 1 -4 -2))
                          (("1" (expand "step")
                            (("1" (assert)
                              (("1"
                                (lift-if)
                                (("1"
                                  (assert)
                                  (("1"
                                    (case-replace "Assign?(S!1)")
                                    (("1"
                                      (expand "CS")
                                      (("1"
                                        (assert)
                                        (("1"
                                          (name-replace "x!1" "x(S!1)")
                                          (("1"
                                            (name-replace
                                             "a!1"
                                             "a(S!1)")
                                            (("1"
                                              (hide -1)
                                              (("1"
                                                (decompose-equality)
                                                (("1"
                                                  (lemma
                                                   "correct_AExp"
                                                   ("a"
                                                    "a!1"
                                                    "e"
                                                    "null[int]"
                                                    "s"
                                                    "s0!1"))
                                                  (("1"
                                                    (skosimp)
                                                    (("1"
                                                      (lemma
                                                       "code_partial"
                                                       ("c0"
                                                        "CA(a!1)"
                                                        "e0"
                                                        "null[int]"
                                                        "s0"
                                                        "s0!1"
                                                        "c1"
                                                        "null[Instruction]"
                                                        "e1"
                                                        "cons(A(a!1)(s0!1), null[int])"
                                                        "s1"
                                                        "s0!1"
                                                        "c2"
                                                        "cons(STORE(x!1), null[Instruction])"
                                                        "e2"
                                                        "null[int]"
                                                        "k"
                                                        "n!1"))
                                                      (("1"
                                                        (assert)
                                                        (("1"
                                                          (rewrite
                                                           "append_null")
                                                          (("1"
                                                            (rewrite
                                                             "append_null")
                                                            (("1"
                                                              (expand
                                                               "append"
                                                               -1
                                                               2)
                                                              (("1"
                                                                (lemma
                                                                 "code_split"
                                                                 ("k"
                                                                  "j!1"
                                                                  "c1"
                                                                  "CA(a!1)"
                                                                  "e"
                                                                  "null[int]"
                                                                  "s"
                                                                  "s0!1"
                                                                  "c2"
                                                                  "cons(STORE(x!1), null[Instruction])"
                                                                  "e2"
                                                                  "null[int]"
                                                                  "s2"
                                                                  "s1!1"))
                                                                (("1"
                                                                  (replace
                                                                   -5)
                                                                  (("1"
                                                                    (skosimp)
                                                                    (("1"
                                                                      (lemma
                                                                       "eq_AExp"
                                                                       ("a"
                                                                        "a!1"
                                                                        "e"
                                                                        "null[int]"
                                                                        "s"
                                                                        "s0!1"
                                                                        "ac"
                                                                        "(null[Instruction], e1!1, s1!2)"
                                                                        "n"
                                                                        "n!1"
                                                                        "m"
                                                                        "k1!1"))
                                                                      (("1"
                                                                        (assert)
                                                                        (("1"
                                                                          (flatten)
                                                                          (("1"
                                                                            (replace
                                                                             -1)
                                                                            (("1"
                                                                              (replace
                                                                               -2)
                                                                              (("1"
                                                                                (replace
                                                                                 -3)
                                                                                (("1"
                                                                                  (hide
                                                                                   -1
                                                                                   -2
                                                                                   -3
                                                                                   -8)
                                                                                  (("1"
                                                                                    (case-replace
                                                                                     "k2!1=1")
                                                                                    (("1"
                                                                                      (hide
                                                                                       -1)
                                                                                      (("1"
                                                                                        (hide-all-but
                                                                                         (-2
                                                                                          1))
                                                                                        (("1"
                                                                                          (expand
                                                                                           "tr")
                                                                                          (("1"
                                                                                            (expand
                                                                                             "tr")
                                                                                            (("1"
                                                                                              (expand
                                                                                               "step")
                                                                                              (("1"
                                                                                                (expand
                                                                                                 "check1")
                                                                                                (("1"
                                                                                                  (expand
                                                                                                   "pop")
                                                                                                  (("1"
                                                                                                    (expand
                                                                                                     "top")
                                                                                                    (("1"
                                                                                                      (expand
                                                                                                       "assign"
                                                                                                       1)
                                                                                                      (("1"
                                                                                                        (propax)
                                                                                                        nil
                                                                                                        nil))
                                                                                                      nil))
                                                                                                    nil))
                                                                                                  nil))
                                                                                                nil))
                                                                                              nil))
                                                                                            nil))
                                                                                          nil))
                                                                                        nil))
                                                                                      nil)
                                                                                     ("2"
                                                                                      (hide-all-but
                                                                                       (-2
                                                                                        1))
                                                                                      (("2"
                                                                                        (case-replace
                                                                                         "k2!1=0")
                                                                                        (("1"
                                                                                          (expand
                                                                                           "tr")
                                                                                          (("1"
                                                                                            (propax)
                                                                                            nil
                                                                                            nil))
                                                                                          nil)
                                                                                         ("2"
                                                                                          (expand
                                                                                           "tr")
                                                                                          (("2"
                                                                                            (assert)
                                                                                            (("2"
                                                                                              (flatten)
                                                                                              (("2"
                                                                                                (expand
                                                                                                 "step")
                                                                                                (("2"
                                                                                                  (expand
                                                                                                   "check1")
                                                                                                  (("2"
                                                                                                    (expand
                                                                                                     "pop")
                                                                                                    (("2"
                                                                                                      (expand
                                                                                                       "top")
                                                                                                      (("2"
                                                                                                        (expand
                                                                                                         "tr")
                                                                                                        (("2"
                                                                                                          (propax)
                                                                                                          nil
--> --------------------

--> maximum size reached

--> --------------------