% bin/jahob.opt -verbose BubbleSort.java Node.java -nobackground -usedp cvcl _ _ _ _____ | | __ _| |__ ___ | |__ / \ _ | |/ _` | '_ \ / _ \| '_ \ x <==| (J) |===. | |_| | (_| | | | | (_) | |_) | ======+=======+===" F \____/\__,_|_| |_|\___/|_.__/ \_____/ Analyzing class BubbleSort. Checking initial state of class BubbleSort opening lemma file : BubbleSort_INIT-lemmas.thy No lemma file BubbleSort_INIT-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file BubbleSort_INIT-lemmas.thy. Generated 0 proof obligations. Checking rep of class BubbleSort opening lemma file : BubbleSort_REP-lemmas.thy No lemma file BubbleSort_REP-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file BubbleSort_REP-lemmas.thy. Generated 0 proof obligations. Now analyzing: ==== Procedure BubbleSort.sort ==== Generating VCs... Using direct VC generation. Done generating VCs. Processing VCs...opening lemma file : sort_BubbleSort-lemmas.thy No lemma file sort_BubbleSort-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file sort_BubbleSort-lemmas.thy. Generated 1 proof obligations. Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj))))) Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) (j_20 :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj))))) Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) (j_20 :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless (i_43 :: int) (j_20 :: int)) :: bool)); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj))))) Trivially true. eProved during splitting: ([|(~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))))) Trivially true. eProved during splitting: ([|(~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int))))) Trivially true. eProved during splitting: ([|(~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int))))) Trivially true. eProved during splitting: ([|((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((i_43 :: int) <= (j_20 :: int)); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> comment ''ArrayNullCheck'' ((a :: obj) ~= (null :: obj))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj))))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj))))))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int))))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int))))) eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> ((i_43 :: int) <= ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) Trivially true. eProved during splitting: ([|((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> comment ''NullCheckFieldArray_length'' ((a :: obj) ~= (null :: obj))) Trivially true. eProved during splitting: ([|(ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); ((0 :: int) <= (i_43 :: int)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> comment ''NullCheckFieldArray_length'' ((a :: obj) ~= (null :: obj))) eProved during splitting: ([|(~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). (((a1_bv288 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) a1_bv288 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1_bv288 k) :: obj))))) eProved during splitting: ([|(~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> ((0 :: int) <= (0 :: int))) eProved during splitting: ([|((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> (ALL (k::int). (((a1_bv336 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) a1_bv336 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1_bv336 k) :: obj))))) Trivially true. eProved during splitting: ([|comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); comment ''a_type'' ((a :: obj) : (Array :: obj set)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); ((a :: obj) ~= (null :: obj))|] ==> comment ''NullCheckFieldArray_length'' ((a :: obj) ~= (null :: obj))) Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool); comment ''ReturnStatement'' ((0 :: int) <= (k_bv358 :: int)); comment ''ReturnStatement'' (intless k_bv358 ((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)))|] ==> comment ''ReturnStatement'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv358)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) (intplus k_bv358 (1 :: int)))) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool); comment ''ReturnStatement'' ((0 :: int) <= (k_bv351 :: int)); comment ''ReturnStatement'' (intless k_bv351 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''ReturnStatement'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv351) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool); comment ''ReturnStatement'' ((0 :: int) <= (k_bv344 :: int)); comment ''ReturnStatement'' (intless k_bv344 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''ReturnStatement'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv344) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool))|] ==> comment ''InvHoldsInitially'' ((0 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''InvHoldsInitially'' ((0 :: int) <= (k_bv318 :: int)); comment ''InvHoldsInitially'' (intless k_bv318 ((0 :: int) - (1 :: int)))|] ==> comment ''InvHoldsInitially'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv318)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) (intplus k_bv318 (1 :: int)))) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''InvHoldsInitially'' ((0 :: int) <= (k_bv304 :: int)); comment ''InvHoldsInitially'' (intless k_bv304 (0 :: int)); comment ''InvHoldsInitially'' ((0 :: int) <= (l_bv311 :: int)); comment ''InvHoldsInitially'' (intless l_bv311 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvHoldsInitially'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv304)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l_bv311)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''InvHoldsInitially'' ((0 :: int) <= (k_bv303 :: int)); comment ''InvHoldsInitially'' (intless k_bv303 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvHoldsInitially'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv303) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); comment ''InvHoldsInitially'' ((0 :: int) <= (k_bv296 :: int)); comment ''InvHoldsInitially'' (intless k_bv296 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvHoldsInitially'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv296) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); comment ''InvHoldsInitially'' (intless ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int) k_bv287); comment ''InvHoldsInitially'' (intless k_bv287 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvHoldsInitially'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k_bv287)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' ((0 :: int) <= (j_20 :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' (intless (j_20 :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''NullCheckFieldNode_key'' (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj) ~= (null :: obj))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' ((0 :: int) <= (((j_20 :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' (intless (((j_20 :: int) - (1 :: int)) :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool)|] ==> comment ''NullCheckFieldNode_key'' (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj) ~= (null :: obj))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' ((0 :: int) <= (j_20 :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' (intless (j_20 :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' ((0 :: int) <= (((j_20 :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''ReadArrayBoundsCheck'' (intless (((j_20 :: int) - (1 :: int)) :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''WriteArrayBoundsCheck'' ((0 :: int) <= (j_20 :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''WriteArrayBoundsCheck'' (intless (j_20 :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''WriteArrayBoundsCheck'' ((0 :: int) <= (((j_20 :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''WriteArrayBoundsCheck'' (intless (((j_20 :: int) - (1 :: int)) :: int) (fieldRead (Array_length :: (obj => int)) (a :: obj)))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''InvPreservation'' ((i_43 :: int) <= (((j_20 :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)|] ==> comment ''InvPreservation'' ((((j_20 :: int) - (1 :: int)) :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' (intless (((j_20 :: int) - (1 :: int)) :: int) k_bv270); comment ''InvPreservation'' (intless k_bv270 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) k_bv270)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' ((0 :: int) <= (k_bv245 :: int)); comment ''InvPreservation'' (intless k_bv245 ((i_43 :: int) - (1 :: int)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) k_bv245)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (intplus k_bv245 (1 :: int)))) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' ((0 :: int) <= (k_bv195 :: int)); comment ''InvPreservation'' (intless k_bv195 (i_43 :: int)); comment ''InvPreservation'' ((i_43 :: int) <= (l_bv220 :: int)); comment ''InvPreservation'' (intless l_bv220 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) k_bv195)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) l_bv220)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' ((0 :: int) <= (k_bv194 :: int)); comment ''InvPreservation'' (intless k_bv194 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) k_bv194) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' ((0 :: int) <= (k_bv169 :: int)); comment ''InvPreservation'' (intless k_bv169 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k_bv169) :: obj))))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); ((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool); comment ''InvPreservation'' ((a1_bv119 :: obj) ~= (a :: obj))|] ==> comment ''InvPreservation'' (((arrayRead ((arrayWrite ((arrayWrite (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: (obj => (int => obj))) a1_bv119 k_bv144) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1_bv119 k_bv144) :: obj))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool))|] ==> comment ''InvPreservation'' ((i_43 :: int) <= (((j_20 :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool))|] ==> comment ''InvPreservation'' ((((j_20 :: int) - (1 :: int)) :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) (j_20 :: int)) :: bool); (~((intless ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int)) :: obj)) :: int) ((fieldRead (Node_key :: (obj => int)) ((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int)) :: obj)) :: int)) :: bool)); comment ''InvPreservation'' (intless (((j_20 :: int) - (1 :: int)) :: int) k_bv118); comment ''InvPreservation'' (intless k_bv118 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (((j_20 :: int) - (1 :: int)) :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k_bv118)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (~((intless (i_43 :: int) (j_20 :: int)) :: bool))|] ==> comment ''InvPreservation'' ((0 :: int) <= ((intplus (i_43 :: int) (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (~((intless (i_43 :: int) (j_20 :: int)) :: bool))|] ==> comment ''InvPreservation'' (((intplus (i_43 :: int) (1 :: int)) :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (~((intless (i_43 :: int) (j_20 :: int)) :: bool)); comment ''InvPreservation'' ((0 :: int) <= (k_bv93 :: int)); comment ''InvPreservation'' (intless k_bv93 (((intplus (i_43 :: int) (1 :: int)) :: int) - (1 :: int)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k_bv93)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k_bv93 (1 :: int)))) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); ((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool); ((i_43 :: int) <= (j_20 :: int)); ((j_20 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). (((intless (j_20 :: int) k) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (j_20 :: int))) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_23 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (~((intless (i_43 :: int) (j_20 :: int)) :: bool)); comment ''InvPreservation'' ((0 :: int) <= (k_bv45 :: int)); comment ''InvPreservation'' (intless k_bv45 ((intplus (i_43 :: int) (1 :: int)) :: int)); comment ''InvPreservation'' (((intplus (i_43 :: int) (1 :: int)) :: int) <= (l_bv69 :: int)); comment ''InvPreservation'' (intless l_bv69 ((Array_length :: (obj => int)) (a :: obj)))|] ==> comment ''InvPreservation'' (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) k_bv45)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_23 :: (obj => (int => obj))) (a :: obj) l_bv69)) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. Proof obligation: ([|((a :: obj) ~= (null :: obj)); ((0 :: int) <= (((Array_length :: (obj => int)) (a :: obj)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj) ~= (null :: obj)))); comment ''a_type'' ((a :: obj) : (Array :: obj set)); comment ''a_type'' ((a :: obj) : (Object_alloc :: obj set)); (~((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) = (0 :: int)) :: bool)); ((0 :: int) <= (i_43 :: int)); ((i_43 :: int) <= (((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((i_43 :: int) - (1 :: int)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k (1 :: int)))) :: int)))); (ALL (k::int) (l::int). ((((0 :: int) <= (k :: int)) & (intless k (i_43 :: int)) & ((i_43 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj)))) --> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l)) :: int)))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) l) :: obj)))))); (ALL (k::int). ((((0 :: int) <= (k :: int)) & (intless k ((Array_length :: (obj => int)) (a :: obj)))) --> (EX (l::int). (((0 :: int) <= (l :: int)) & (intless l ((Array_length :: (obj => int)) (a :: obj))) & (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) l) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) (a :: obj) k) :: obj)))))); (ALL (a1::obj) (k::int). (((a1 :: obj) ~= (a :: obj)) --> (((arrayRead (Array_arrayState_47 :: (obj => (int => obj))) a1 k) :: obj) = ((arrayRead (Array_arrayState :: (obj => (int => obj))) a1 k) :: obj)))); (~((intless (i_43 :: int) ((((fieldRead (Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)) :: int)) :: bool)); ((0 :: int) <= (k_bv44 :: int)); (intless k_bv44 ((((Array_length :: (obj => int)) (a :: obj)) :: int) - (1 :: int)))|] ==> (((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) k_bv44)) :: int) <= ((fieldRead (Node_key :: (obj => int)) (arrayRead (Array_arrayState_47 :: (obj => (int => obj))) (a :: obj) (intplus k_bv44 (1 :: int)))) :: int))) .Running Built-in validity checker (after splitting)... Built-in validity checker (after splitting) failed to prove formula. Running CVC Lite... CVC Lite proved formula. ====================================================================== Built-in validity checker proved 25 sequents during splitting. CVC Lite proved 39 out of 39 sequents. Total time : 28.7 s ====================================================================== A total of 64 sequents out of 64 proved. Done analyzing Procedure BubbleSort.sort. Analyzing class Node. Checking initial state of class Node opening lemma file : Node_INIT-lemmas.thy No lemma file Node_INIT-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Node_INIT-lemmas.thy. Generated 1 proof obligations. Trivially true. eProved during splitting: ([|(ALL (this::obj). (((Node_key this) :: int) = (0 :: int))); (Node_hidden = {}); ((Object_alloc :: obj set) = ({null} :: obj set))|] ==> (ALL (this::obj). (((Node_key this) :: int) = (0 :: int)))) ====================================================================== Built-in validity checker proved 1 sequents during splitting. ====================================================================== A total of 1 sequents out of 1 proved. Checking rep of class Node opening lemma file : Node_REP-lemmas.thy No lemma file Node_REP-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Node_REP-lemmas.thy. Generated 0 proof obligations. Analyzing class Array. Checking initial state of class Array opening lemma file : Array_INIT-lemmas.thy No lemma file Array_INIT-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Array_INIT-lemmas.thy. Generated 1 proof obligations. Trivially true. eProved during splitting: ([|(ALL (this::obj). (((Array_length this) :: int) = (0 :: int))); (Array_hidden = {}); ((Object_alloc :: obj set) = ({null} :: obj set))|] ==> (ALL (this::obj). (((Array_length this) :: int) = (0 :: int)))) ====================================================================== Built-in validity checker proved 1 sequents during splitting. ====================================================================== A total of 1 sequents out of 1 proved. Checking rep of class Array opening lemma file : Array_REP-lemmas.thy No lemma file Array_REP-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Array_REP-lemmas.thy. Generated 0 proof obligations. Analyzing class Object. Checking initial state of class Object opening lemma file : Object_INIT-lemmas.thy No lemma file Object_INIT-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Object_INIT-lemmas.thy. Generated 0 proof obligations. Checking rep of class Object opening lemma file : Object_REP-lemmas.thy No lemma file Object_REP-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file Object_REP-lemmas.thy. Generated 0 proof obligations. Now analyzing: ==== Procedure Object.hashCode ==== Generating VCs... Using direct VC generation. Done generating VCs. Processing VCs...opening lemma file : hashCode_Object-lemmas.thy No lemma file hashCode_Object-lemmas.thyEnd of file while searching for lemma keyword at position 0. Retrieved 0 lemmas from lemma file hashCode_Object-lemmas.thy. Generated 1 proof obligations. eProved during splitting: (True --> True) ====================================================================== Built-in validity checker proved 1 sequents during splitting. ====================================================================== A total of 1 sequents out of 1 proved. Done analyzing Procedure Object.hashCode. 0=== Verification SUCCEEDED.