% TIMEFORMAT='%3R'; { time (exec 2>&1; /home/martin/bin/satallax -E /home/martin/.isabelle/contrib/e-2.5-1/x86_64-linux/eprover -p tstp -t 5 /home/martin/judgement-day/tptp-thf/tptp/Hoare/prob_294__3252860_1 ) ; }
% This file was generated by Isabelle (most likely Sledgehammer)
% 2020-12-16 14:13:34.762

% Could-be-implicit typings (11)
thf(ty_n_t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J_J, type,
    set_Ho137910533iple_a : $tType).
thf(ty_n_t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    hoare_1678595023iple_a : $tType).
thf(ty_n_t__Option__Ooption_It__Com__Ocom_J, type,
    option_com : $tType).
thf(ty_n_t__Com__Ovname, type,
    vname : $tType).
thf(ty_n_t__Com__Ostate, type,
    state : $tType).
thf(ty_n_t__Com__Opname, type,
    pname : $tType).
thf(ty_n_t__Nat__Onat, type,
    nat : $tType).
thf(ty_n_t__Com__Oloc, type,
    loc : $tType).
thf(ty_n_t__Com__Oglb, type,
    glb : $tType).
thf(ty_n_t__Com__Ocom, type,
    com : $tType).
thf(ty_n_tf__a, type,
    a : $tType).

% Explicit typings (38)
thf(sy_c_Com_OArg, type,
    arg : loc).
thf(sy_c_Com_ORes, type,
    res : loc).
thf(sy_c_Com_Obody, type,
    body : pname > option_com).
thf(sy_c_Com_Ocom_OAss, type,
    ass : vname > (state > nat) > com).
thf(sy_c_Com_Ocom_OBODY, type,
    body2 : pname > com).
thf(sy_c_Com_Ocom_OCall, type,
    call : vname > pname > (state > nat) > com).
thf(sy_c_Com_Ocom_OCond, type,
    cond : (state > $o) > com > com > com).
thf(sy_c_Com_Ocom_OLocal, type,
    local : loc > (state > nat) > com > com).
thf(sy_c_Com_Ocom_OSemi, type,
    semi : com > com > com).
thf(sy_c_Com_Ocom_Osize__com, type,
    size_com : com > nat).
thf(sy_c_Com_Ovname_OGlb, type,
    glb2 : glb > vname).
thf(sy_c_Com_Ovname_OLoc, type,
    loc2 : loc > vname).
thf(sy_c_Com_Ovname_Osize__vname, type,
    size_vname : vname > nat).
thf(sy_c_Groups_Oplus__class_Oplus_001t__Nat__Onat, type,
    plus_plus_nat : nat > nat > nat).
thf(sy_c_Groups_Ozero__class_Ozero_001t__Nat__Onat, type,
    zero_zero_nat : nat).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Otriple_Otriple_001tf__a, type,
    hoare_719046530iple_a : (a > state > $o) > com > (a > state > $o) > hoare_1678595023iple_a).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Otriple__valid_001tf__a, type,
    hoare_1926814542alid_a : nat > hoare_1678595023iple_a > $o).
thf(sy_c_Nat_OSuc, type,
    suc : nat > nat).
thf(sy_c_Nat_Osize__class_Osize_001t__Com__Ocom, type,
    size_size_com : com > nat).
thf(sy_c_Nat_Osize__class_Osize_001t__Com__Ovname, type,
    size_size_vname : vname > nat).
thf(sy_c_Natural_Oevalc, type,
    evalc : com > state > state > $o).
thf(sy_c_Natural_Oevaln, type,
    evaln : com > state > nat > state > $o).
thf(sy_c_Natural_Ogetlocs, type,
    getlocs : state > loc > nat).
thf(sy_c_Natural_Onewlocs, type,
    newlocs : loc > nat).
thf(sy_c_Natural_Osetlocs, type,
    setlocs : state > (loc > nat) > state).
thf(sy_c_Natural_Oupdate, type,
    update : state > vname > nat > state).
thf(sy_c_Option_Ooption_Othe_001t__Com__Ocom, type,
    the_com : option_com > com).
thf(sy_c_member_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    member1332298086iple_a : hoare_1678595023iple_a > set_Ho137910533iple_a > $o).
thf(sy_v_Ga, type,
    ga : set_Ho137910533iple_a).
thf(sy_v_P, type,
    p : a > state > $o).
thf(sy_v_Q, type,
    q : a > state > $o).
thf(sy_v_X, type,
    x : vname).
thf(sy_v_Z, type,
    z : a).
thf(sy_v_a, type,
    a2 : state > nat).
thf(sy_v_na, type,
    na : nat).
thf(sy_v_pn, type,
    pn : pname).
thf(sy_v_s1, type,
    s1 : state).
thf(sy_v_s_H, type,
    s : state).

% Relevant facts (130)
thf(fact_0_triple__valid__Suc, axiom,
    ((![N : nat, T : hoare_1678595023iple_a]: ((hoare_1926814542alid_a @ (suc @ N) @ T) => (hoare_1926814542alid_a @ N @ T))))). % triple_valid_Suc
thf(fact_1_evaln__elim__cases_I6_J, axiom,
    ((![P : pname, S : state, N : nat, S1 : state]: ((evaln @ (body2 @ P) @ S @ N @ S1) => (~ ((![N2 : nat]: ((N = (suc @ N2)) => (~ ((evaln @ (the_com @ (body @ P)) @ S @ N2 @ S1))))))))))). % evaln_elim_cases(6)
thf(fact_2_evaln_OBody, axiom,
    ((![Pn : pname, S0 : state, N : nat, S1 : state]: ((evaln @ (the_com @ (body @ Pn)) @ S0 @ N @ S1) => (evaln @ (body2 @ Pn) @ S0 @ (suc @ N) @ S1))))). % evaln.Body
thf(fact_3_evaln__elim__cases_I7_J, axiom,
    ((![X : vname, P : pname, A : state > nat, S : state, N : nat, S1 : state]: ((evaln @ (call @ X @ P @ A) @ S @ N @ S1) => (~ ((![S12 : state]: ((S1 = (update @ (setlocs @ S12 @ (getlocs @ S)) @ X @ (getlocs @ S12 @ res))) => (~ ((evaln @ (body2 @ P) @ (update @ (setlocs @ S @ newlocs) @ (loc2 @ arg) @ (A @ S)) @ N @ S12))))))))))). % evaln_elim_cases(7)
thf(fact_4_evaln_OCall, axiom,
    ((![Pn : pname, S0 : state, A : state > nat, N : nat, S1 : state, X : vname]: ((evaln @ (body2 @ Pn) @ (update @ (setlocs @ S0 @ newlocs) @ (loc2 @ arg) @ (A @ S0)) @ N @ S1) => (evaln @ (call @ X @ Pn @ A) @ S0 @ N @ (update @ (setlocs @ S1 @ (getlocs @ S0)) @ X @ (getlocs @ S1 @ res))))))). % evaln.Call
thf(fact_5_vname_Oinject_I2_J, axiom,
    ((![X2 : loc, Y2 : loc]: (((loc2 @ X2) = (loc2 @ Y2)) = (X2 = Y2))))). % vname.inject(2)
thf(fact_6_com_Oinject_I6_J, axiom,
    ((![X7 : pname, Y7 : pname]: (((body2 @ X7) = (body2 @ Y7)) = (X7 = Y7))))). % com.inject(6)
thf(fact_7_nat_Oinject, axiom,
    ((![X2 : nat, Y2 : nat]: (((suc @ X2) = (suc @ Y2)) = (X2 = Y2))))). % nat.inject
thf(fact_8_old_Onat_Oinject, axiom,
    ((![Nat : nat, Nat2 : nat]: (((suc @ Nat) = (suc @ Nat2)) = (Nat = Nat2))))). % old.nat.inject
thf(fact_9_evaln__Suc, axiom,
    ((![C : com, S : state, N : nat, S2 : state]: ((evaln @ C @ S @ N @ S2) => (evaln @ C @ S @ (suc @ N) @ S2))))). % evaln_Suc
thf(fact_10_Body__triple__valid__Suc, axiom,
    ((![N : nat, P : a > state > $o, Pn : pname, Q : a > state > $o]: ((hoare_1926814542alid_a @ N @ (hoare_719046530iple_a @ P @ (the_com @ (body @ Pn)) @ Q)) = (hoare_1926814542alid_a @ (suc @ N) @ (hoare_719046530iple_a @ P @ (body2 @ Pn) @ Q)))))). % Body_triple_valid_Suc
thf(fact_11_evalc__elim__cases_I7_J, axiom,
    ((![X : vname, P : pname, A : state > nat, S : state, S1 : state]: ((evalc @ (call @ X @ P @ A) @ S @ S1) => (~ ((![S12 : state]: ((S1 = (update @ (setlocs @ S12 @ (getlocs @ S)) @ X @ (getlocs @ S12 @ res))) => (~ ((evalc @ (body2 @ P) @ (update @ (setlocs @ S @ newlocs) @ (loc2 @ arg) @ (A @ S)) @ S12))))))))))). % evalc_elim_cases(7)
thf(fact_12_com_Oinject_I7_J, axiom,
    ((![X81 : vname, X82 : pname, X83 : state > nat, Y81 : vname, Y82 : pname, Y83 : state > nat]: (((call @ X81 @ X82 @ X83) = (call @ Y81 @ Y82 @ Y83)) = (((X81 = Y81)) & ((((X82 = Y82)) & ((X83 = Y83))))))))). % com.inject(7)
thf(fact_13_com__det, axiom,
    ((![C : com, S : state, T : state, U : state]: ((evalc @ C @ S @ T) => ((evalc @ C @ S @ U) => (U = T)))))). % com_det
thf(fact_14_evaln__evalc, axiom,
    ((![C : com, S : state, N : nat, T : state]: ((evaln @ C @ S @ N @ T) => (evalc @ C @ S @ T))))). % evaln_evalc
thf(fact_15_evalc__evaln, axiom,
    ((![C : com, S : state, T : state]: ((evalc @ C @ S @ T) => (?[N2 : nat]: (evaln @ C @ S @ N2 @ T)))))). % evalc_evaln
thf(fact_16_eval__eq, axiom,
    ((evalc = (^[C2 : com]: (^[S3 : state]: (^[T2 : state]: (?[N3 : nat]: (evaln @ C2 @ S3 @ N3 @ T2)))))))). % eval_eq
thf(fact_17_com_Odistinct_I55_J, axiom,
    ((![X7 : pname, X81 : vname, X82 : pname, X83 : state > nat]: (~ (((body2 @ X7) = (call @ X81 @ X82 @ X83))))))). % com.distinct(55)
thf(fact_18_triple__valid__def2, axiom,
    ((![N : nat, P : a > state > $o, C : com, Q : a > state > $o]: ((hoare_1926814542alid_a @ N @ (hoare_719046530iple_a @ P @ C @ Q)) = (![Z : a]: (![S3 : state]: (((P @ Z @ S3)) => ((![S4 : state]: (((evaln @ C @ S3 @ N @ S4)) => ((Q @ Z @ S4)))))))))))). % triple_valid_def2
thf(fact_19_evalc_OBody, axiom,
    ((![Pn : pname, S0 : state, S1 : state]: ((evalc @ (the_com @ (body @ Pn)) @ S0 @ S1) => (evalc @ (body2 @ Pn) @ S0 @ S1))))). % evalc.Body
thf(fact_20_evalc__elim__cases_I6_J, axiom,
    ((![P : pname, S : state, S1 : state]: ((evalc @ (body2 @ P) @ S @ S1) => (evalc @ (the_com @ (body @ P)) @ S @ S1))))). % evalc_elim_cases(6)
thf(fact_21_n__not__Suc__n, axiom,
    ((![N : nat]: (~ ((N = (suc @ N))))))). % n_not_Suc_n
thf(fact_22_Suc__inject, axiom,
    ((![X3 : nat, Y : nat]: (((suc @ X3) = (suc @ Y)) => (X3 = Y))))). % Suc_inject
thf(fact_23_evaln__max2, axiom,
    ((![C1 : com, S1 : state, N1 : nat, T1 : state, C22 : com, S22 : state, N22 : nat, T22 : state]: ((evaln @ C1 @ S1 @ N1 @ T1) => ((evaln @ C22 @ S22 @ N22 @ T22) => (?[N2 : nat]: ((evaln @ C1 @ S1 @ N2 @ T1) & (evaln @ C22 @ S22 @ N2 @ T22)))))))). % evaln_max2
thf(fact_24_evalc_OCall, axiom,
    ((![Pn : pname, S0 : state, A : state > nat, S1 : state, X : vname]: ((evalc @ (body2 @ Pn) @ (update @ (setlocs @ S0 @ newlocs) @ (loc2 @ arg) @ (A @ S0)) @ S1) => (evalc @ (call @ X @ Pn @ A) @ S0 @ (update @ (setlocs @ S1 @ (getlocs @ S0)) @ X @ (getlocs @ S1 @ res))))))). % evalc.Call
thf(fact_25_evalc_OLocal, axiom,
    ((![C : com, S0 : state, Y3 : loc, A : state > nat, S1 : state]: ((evalc @ C @ (update @ S0 @ (loc2 @ Y3) @ (A @ S0)) @ S1) => (evalc @ (local @ Y3 @ A @ C) @ S0 @ (update @ S1 @ (loc2 @ Y3) @ (getlocs @ S0 @ Y3))))))). % evalc.Local
thf(fact_26_evalc__elim__cases_I3_J, axiom,
    ((![Y3 : loc, A : state > nat, C : com, S : state, T : state]: ((evalc @ (local @ Y3 @ A @ C) @ S @ T) => (~ ((![S12 : state]: ((T = (update @ S12 @ (loc2 @ Y3) @ (getlocs @ S @ Y3))) => (~ ((evalc @ C @ (update @ S @ (loc2 @ Y3) @ (A @ S)) @ S12))))))))))). % evalc_elim_cases(3)
thf(fact_27_evaln_OLocal, axiom,
    ((![C : com, S0 : state, Y3 : loc, A : state > nat, N : nat, S1 : state]: ((evaln @ C @ (update @ S0 @ (loc2 @ Y3) @ (A @ S0)) @ N @ S1) => (evaln @ (local @ Y3 @ A @ C) @ S0 @ N @ (update @ S1 @ (loc2 @ Y3) @ (getlocs @ S0 @ Y3))))))). % evaln.Local
thf(fact_28_evaln__elim__cases_I3_J, axiom,
    ((![Y3 : loc, A : state > nat, C : com, S : state, N : nat, T : state]: ((evaln @ (local @ Y3 @ A @ C) @ S @ N @ T) => (~ ((![S12 : state]: ((T = (update @ S12 @ (loc2 @ Y3) @ (getlocs @ S @ Y3))) => (~ ((evaln @ C @ (update @ S @ (loc2 @ Y3) @ (A @ S)) @ N @ S12))))))))))). % evaln_elim_cases(3)
thf(fact_29_Body__triple__valid__0, axiom,
    ((![P : a > state > $o, Pn : pname, Q : a > state > $o]: (hoare_1926814542alid_a @ zero_zero_nat @ (hoare_719046530iple_a @ P @ (body2 @ Pn) @ Q))))). % Body_triple_valid_0
thf(fact_30_evalc_OAssign, axiom,
    ((![X : vname, A : state > nat, S : state]: (evalc @ (ass @ X @ A) @ S @ (update @ S @ X @ (A @ S)))))). % evalc.Assign
thf(fact_31_evalc__elim__cases_I2_J, axiom,
    ((![X : vname, A : state > nat, S : state, T : state]: ((evalc @ (ass @ X @ A) @ S @ T) => (T = (update @ S @ X @ (A @ S))))))). % evalc_elim_cases(2)
thf(fact_32_com_Oinject_I2_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com, Y31 : loc, Y32 : state > nat, Y33 : com]: (((local @ X31 @ X32 @ X33) = (local @ Y31 @ Y32 @ Y33)) = (((X31 = Y31)) & ((((X32 = Y32)) & ((X33 = Y33))))))))). % com.inject(2)
thf(fact_33_com_Oinject_I1_J, axiom,
    ((![X21 : vname, X22 : state > nat, Y21 : vname, Y22 : state > nat]: (((ass @ X21 @ X22) = (ass @ Y21 @ Y22)) = (((X21 = Y21)) & ((X22 = Y22))))))). % com.inject(1)
thf(fact_34_com_Odistinct_I15_J, axiom,
    ((![X21 : vname, X22 : state > nat, X31 : loc, X32 : state > nat, X33 : com]: (~ (((ass @ X21 @ X22) = (local @ X31 @ X32 @ X33))))))). % com.distinct(15)
thf(fact_35_nat_Odistinct_I1_J, axiom,
    ((![X2 : nat]: (~ ((zero_zero_nat = (suc @ X2))))))). % nat.distinct(1)
thf(fact_36_old_Onat_Odistinct_I2_J, axiom,
    ((![Nat2 : nat]: (~ (((suc @ Nat2) = zero_zero_nat)))))). % old.nat.distinct(2)
thf(fact_37_old_Onat_Odistinct_I1_J, axiom,
    ((![Nat2 : nat]: (~ ((zero_zero_nat = (suc @ Nat2))))))). % old.nat.distinct(1)
thf(fact_38_nat_OdiscI, axiom,
    ((![Nat : nat, X2 : nat]: ((Nat = (suc @ X2)) => (~ ((Nat = zero_zero_nat))))))). % nat.discI
thf(fact_39_nat__induct, axiom,
    ((![P : nat > $o, N : nat]: ((P @ zero_zero_nat) => ((![N2 : nat]: ((P @ N2) => (P @ (suc @ N2)))) => (P @ N)))))). % nat_induct
thf(fact_40_diff__induct, axiom,
    ((![P : nat > nat > $o, M : nat, N : nat]: ((![X4 : nat]: (P @ X4 @ zero_zero_nat)) => ((![Y4 : nat]: (P @ zero_zero_nat @ (suc @ Y4))) => ((![X4 : nat, Y4 : nat]: ((P @ X4 @ Y4) => (P @ (suc @ X4) @ (suc @ Y4)))) => (P @ M @ N))))))). % diff_induct
thf(fact_41_zero__induct, axiom,
    ((![P : nat > $o, K : nat]: ((P @ K) => ((![N2 : nat]: ((P @ (suc @ N2)) => (P @ N2))) => (P @ zero_zero_nat)))))). % zero_induct
thf(fact_42_Suc__neq__Zero, axiom,
    ((![M : nat]: (~ (((suc @ M) = zero_zero_nat)))))). % Suc_neq_Zero
thf(fact_43_Zero__neq__Suc, axiom,
    ((![M : nat]: (~ ((zero_zero_nat = (suc @ M))))))). % Zero_neq_Suc
thf(fact_44_Zero__not__Suc, axiom,
    ((![M : nat]: (~ ((zero_zero_nat = (suc @ M))))))). % Zero_not_Suc
thf(fact_45_old_Onat_Oexhaust, axiom,
    ((![Y : nat]: ((~ ((Y = zero_zero_nat))) => (~ ((![Nat3 : nat]: (~ ((Y = (suc @ Nat3))))))))))). % old.nat.exhaust
thf(fact_46_old_Onat_Oinducts, axiom,
    ((![P : nat > $o, Nat : nat]: ((P @ zero_zero_nat) => ((![Nat3 : nat]: ((P @ Nat3) => (P @ (suc @ Nat3)))) => (P @ Nat)))))). % old.nat.inducts
thf(fact_47_not0__implies__Suc, axiom,
    ((![N : nat]: ((~ ((N = zero_zero_nat))) => (?[M2 : nat]: (N = (suc @ M2))))))). % not0_implies_Suc
thf(fact_48_com_Odistinct_I33_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com, X7 : pname]: (~ (((local @ X31 @ X32 @ X33) = (body2 @ X7))))))). % com.distinct(33)
thf(fact_49_com_Odistinct_I23_J, axiom,
    ((![X21 : vname, X22 : state > nat, X7 : pname]: (~ (((ass @ X21 @ X22) = (body2 @ X7))))))). % com.distinct(23)
thf(fact_50_com_Odistinct_I25_J, axiom,
    ((![X21 : vname, X22 : state > nat, X81 : vname, X82 : pname, X83 : state > nat]: (~ (((ass @ X21 @ X22) = (call @ X81 @ X82 @ X83))))))). % com.distinct(25)
thf(fact_51_com_Odistinct_I35_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com, X81 : vname, X82 : pname, X83 : state > nat]: (~ (((local @ X31 @ X32 @ X33) = (call @ X81 @ X82 @ X83))))))). % com.distinct(35)
thf(fact_52_evaln__elim__cases_I2_J, axiom,
    ((![X : vname, A : state > nat, S : state, N : nat, T : state]: ((evaln @ (ass @ X @ A) @ S @ N @ T) => (T = (update @ S @ X @ (A @ S))))))). % evaln_elim_cases(2)
thf(fact_53_evaln_OAssign, axiom,
    ((![X : vname, A : state > nat, S : state, N : nat]: (evaln @ (ass @ X @ A) @ S @ N @ (update @ S @ X @ (A @ S)))))). % evaln.Assign
thf(fact_54_vname_Osize__gen_I2_J, axiom,
    ((![X2 : loc]: ((size_vname @ (loc2 @ X2)) = zero_zero_nat)))). % vname.size_gen(2)
thf(fact_55_vname_Osize_I4_J, axiom,
    ((![X2 : loc]: ((size_size_vname @ (loc2 @ X2)) = zero_zero_nat)))). % vname.size(4)
thf(fact_56_com_Osize__gen_I2_J, axiom,
    ((![X21 : vname, X22 : state > nat]: ((size_com @ (ass @ X21 @ X22)) = zero_zero_nat)))). % com.size_gen(2)
thf(fact_57_size__neq__size__imp__neq, axiom,
    ((![X3 : vname, Y : vname]: ((~ (((size_size_vname @ X3) = (size_size_vname @ Y)))) => (~ ((X3 = Y))))))). % size_neq_size_imp_neq
thf(fact_58_size__neq__size__imp__neq, axiom,
    ((![X3 : com, Y : com]: ((~ (((size_size_com @ X3) = (size_size_com @ Y)))) => (~ ((X3 = Y))))))). % size_neq_size_imp_neq
thf(fact_59_zero__reorient, axiom,
    ((![X3 : nat]: ((zero_zero_nat = X3) = (X3 = zero_zero_nat))))). % zero_reorient
thf(fact_60_com_Osize__gen_I7_J, axiom,
    ((![X7 : pname]: ((size_com @ (body2 @ X7)) = zero_zero_nat)))). % com.size_gen(7)
thf(fact_61_com_Osize__gen_I8_J, axiom,
    ((![X81 : vname, X82 : pname, X83 : state > nat]: ((size_com @ (call @ X81 @ X82 @ X83)) = zero_zero_nat)))). % com.size_gen(8)
thf(fact_62_vname_Osize_I3_J, axiom,
    ((![X1 : glb]: ((size_size_vname @ (glb2 @ X1)) = zero_zero_nat)))). % vname.size(3)
thf(fact_63_vname_Osize__gen_I1_J, axiom,
    ((![X1 : glb]: ((size_vname @ (glb2 @ X1)) = zero_zero_nat)))). % vname.size_gen(1)
thf(fact_64_com_Osize__gen_I3_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com]: ((size_com @ (local @ X31 @ X32 @ X33)) = (plus_plus_nat @ (size_com @ X33) @ (suc @ zero_zero_nat)))))). % com.size_gen(3)
thf(fact_65_add__left__cancel, axiom,
    ((![A : nat, B : nat, C : nat]: (((plus_plus_nat @ A @ B) = (plus_plus_nat @ A @ C)) = (B = C))))). % add_left_cancel
thf(fact_66_add__right__cancel, axiom,
    ((![B : nat, A : nat, C : nat]: (((plus_plus_nat @ B @ A) = (plus_plus_nat @ C @ A)) = (B = C))))). % add_right_cancel
thf(fact_67_vname_Oinject_I1_J, axiom,
    ((![X1 : glb, Y1 : glb]: (((glb2 @ X1) = (glb2 @ Y1)) = (X1 = Y1))))). % vname.inject(1)
thf(fact_68_zero__eq__add__iff__both__eq__0, axiom,
    ((![X3 : nat, Y : nat]: ((zero_zero_nat = (plus_plus_nat @ X3 @ Y)) = (((X3 = zero_zero_nat)) & ((Y = zero_zero_nat))))))). % zero_eq_add_iff_both_eq_0
thf(fact_69_add__eq__0__iff__both__eq__0, axiom,
    ((![X3 : nat, Y : nat]: (((plus_plus_nat @ X3 @ Y) = zero_zero_nat) = (((X3 = zero_zero_nat)) & ((Y = zero_zero_nat))))))). % add_eq_0_iff_both_eq_0
thf(fact_70_add__cancel__right__right, axiom,
    ((![A : nat, B : nat]: ((A = (plus_plus_nat @ A @ B)) = (B = zero_zero_nat))))). % add_cancel_right_right
thf(fact_71_add__cancel__right__left, axiom,
    ((![A : nat, B : nat]: ((A = (plus_plus_nat @ B @ A)) = (B = zero_zero_nat))))). % add_cancel_right_left
thf(fact_72_add__cancel__left__right, axiom,
    ((![A : nat, B : nat]: (((plus_plus_nat @ A @ B) = A) = (B = zero_zero_nat))))). % add_cancel_left_right
thf(fact_73_add__cancel__left__left, axiom,
    ((![B : nat, A : nat]: (((plus_plus_nat @ B @ A) = A) = (B = zero_zero_nat))))). % add_cancel_left_left
thf(fact_74_add_Oright__neutral, axiom,
    ((![A : nat]: ((plus_plus_nat @ A @ zero_zero_nat) = A)))). % add.right_neutral
thf(fact_75_add_Oleft__neutral, axiom,
    ((![A : nat]: ((plus_plus_nat @ zero_zero_nat @ A) = A)))). % add.left_neutral
thf(fact_76_add__Suc__right, axiom,
    ((![M : nat, N : nat]: ((plus_plus_nat @ M @ (suc @ N)) = (suc @ (plus_plus_nat @ M @ N)))))). % add_Suc_right
thf(fact_77_add__is__0, axiom,
    ((![M : nat, N : nat]: (((plus_plus_nat @ M @ N) = zero_zero_nat) = (((M = zero_zero_nat)) & ((N = zero_zero_nat))))))). % add_is_0
thf(fact_78_Nat_Oadd__0__right, axiom,
    ((![M : nat]: ((plus_plus_nat @ M @ zero_zero_nat) = M)))). % Nat.add_0_right
thf(fact_79_add_Ocomm__neutral, axiom,
    ((![A : nat]: ((plus_plus_nat @ A @ zero_zero_nat) = A)))). % add.comm_neutral
thf(fact_80_comm__monoid__add__class_Oadd__0, axiom,
    ((![A : nat]: ((plus_plus_nat @ zero_zero_nat @ A) = A)))). % comm_monoid_add_class.add_0
thf(fact_81_ab__semigroup__add__class_Oadd__ac_I1_J, axiom,
    ((![A : nat, B : nat, C : nat]: ((plus_plus_nat @ (plus_plus_nat @ A @ B) @ C) = (plus_plus_nat @ A @ (plus_plus_nat @ B @ C)))))). % ab_semigroup_add_class.add_ac(1)
thf(fact_82_add__mono__thms__linordered__semiring_I4_J, axiom,
    ((![I : nat, J : nat, K : nat, L : nat]: (((I = J) & (K = L)) => ((plus_plus_nat @ I @ K) = (plus_plus_nat @ J @ L)))))). % add_mono_thms_linordered_semiring(4)
thf(fact_83_group__cancel_Oadd1, axiom,
    ((![A2 : nat, K : nat, A : nat, B : nat]: ((A2 = (plus_plus_nat @ K @ A)) => ((plus_plus_nat @ A2 @ B) = (plus_plus_nat @ K @ (plus_plus_nat @ A @ B))))))). % group_cancel.add1
thf(fact_84_group__cancel_Oadd2, axiom,
    ((![B2 : nat, K : nat, B : nat, A : nat]: ((B2 = (plus_plus_nat @ K @ B)) => ((plus_plus_nat @ A @ B2) = (plus_plus_nat @ K @ (plus_plus_nat @ A @ B))))))). % group_cancel.add2
thf(fact_85_add_Oassoc, axiom,
    ((![A : nat, B : nat, C : nat]: ((plus_plus_nat @ (plus_plus_nat @ A @ B) @ C) = (plus_plus_nat @ A @ (plus_plus_nat @ B @ C)))))). % add.assoc
thf(fact_86_add_Ocommute, axiom,
    ((plus_plus_nat = (^[A3 : nat]: (^[B3 : nat]: (plus_plus_nat @ B3 @ A3)))))). % add.commute
thf(fact_87_add_Oleft__commute, axiom,
    ((![B : nat, A : nat, C : nat]: ((plus_plus_nat @ B @ (plus_plus_nat @ A @ C)) = (plus_plus_nat @ A @ (plus_plus_nat @ B @ C)))))). % add.left_commute
thf(fact_88_add__left__imp__eq, axiom,
    ((![A : nat, B : nat, C : nat]: (((plus_plus_nat @ A @ B) = (plus_plus_nat @ A @ C)) => (B = C))))). % add_left_imp_eq
thf(fact_89_add__right__imp__eq, axiom,
    ((![B : nat, A : nat, C : nat]: (((plus_plus_nat @ B @ A) = (plus_plus_nat @ C @ A)) => (B = C))))). % add_right_imp_eq
thf(fact_90_add__Suc, axiom,
    ((![M : nat, N : nat]: ((plus_plus_nat @ (suc @ M) @ N) = (suc @ (plus_plus_nat @ M @ N)))))). % add_Suc
thf(fact_91_nat__arith_Osuc1, axiom,
    ((![A2 : nat, K : nat, A : nat]: ((A2 = (plus_plus_nat @ K @ A)) => ((suc @ A2) = (plus_plus_nat @ K @ (suc @ A))))))). % nat_arith.suc1
thf(fact_92_add__Suc__shift, axiom,
    ((![M : nat, N : nat]: ((plus_plus_nat @ (suc @ M) @ N) = (plus_plus_nat @ M @ (suc @ N)))))). % add_Suc_shift
thf(fact_93_add__eq__self__zero, axiom,
    ((![M : nat, N : nat]: (((plus_plus_nat @ M @ N) = M) => (N = zero_zero_nat))))). % add_eq_self_zero
thf(fact_94_plus__nat_Oadd__0, axiom,
    ((![N : nat]: ((plus_plus_nat @ zero_zero_nat @ N) = N)))). % plus_nat.add_0
thf(fact_95_com_Osize_I11_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com]: ((size_size_com @ (local @ X31 @ X32 @ X33)) = (plus_plus_nat @ (size_size_com @ X33) @ (suc @ zero_zero_nat)))))). % com.size(11)
thf(fact_96_one__is__add, axiom,
    ((![M : nat, N : nat]: (((suc @ zero_zero_nat) = (plus_plus_nat @ M @ N)) = (((((M = (suc @ zero_zero_nat))) & ((N = zero_zero_nat)))) | ((((M = zero_zero_nat)) & ((N = (suc @ zero_zero_nat)))))))))). % one_is_add
thf(fact_97_add__is__1, axiom,
    ((![M : nat, N : nat]: (((plus_plus_nat @ M @ N) = (suc @ zero_zero_nat)) = (((((M = (suc @ zero_zero_nat))) & ((N = zero_zero_nat)))) | ((((M = zero_zero_nat)) & ((N = (suc @ zero_zero_nat)))))))))). % add_is_1
thf(fact_98_vname_Odistinct_I1_J, axiom,
    ((![X1 : glb, X2 : loc]: (~ (((glb2 @ X1) = (loc2 @ X2))))))). % vname.distinct(1)
thf(fact_99_vname_Oinduct, axiom,
    ((![P : vname > $o, Vname : vname]: ((![X4 : glb]: (P @ (glb2 @ X4))) => ((![X4 : loc]: (P @ (loc2 @ X4))) => (P @ Vname)))))). % vname.induct
thf(fact_100_vname_Oexhaust, axiom,
    ((![Y : vname]: ((![X12 : glb]: (~ ((Y = (glb2 @ X12))))) => (~ ((![X23 : loc]: (~ ((Y = (loc2 @ X23))))))))))). % vname.exhaust
thf(fact_101_com_Osize_I15_J, axiom,
    ((![X7 : pname]: ((size_size_com @ (body2 @ X7)) = zero_zero_nat)))). % com.size(15)
thf(fact_102_com_Osize_I10_J, axiom,
    ((![X21 : vname, X22 : state > nat]: ((size_size_com @ (ass @ X21 @ X22)) = zero_zero_nat)))). % com.size(10)
thf(fact_103_com_Osize_I16_J, axiom,
    ((![X81 : vname, X82 : pname, X83 : state > nat]: ((size_size_com @ (call @ X81 @ X82 @ X83)) = zero_zero_nat)))). % com.size(16)
thf(fact_104_Euclid__induct, axiom,
    ((![P : nat > nat > $o, A : nat, B : nat]: ((![A4 : nat, B4 : nat]: ((P @ A4 @ B4) = (P @ B4 @ A4))) => ((![A4 : nat]: (P @ A4 @ zero_zero_nat)) => ((![A4 : nat, B4 : nat]: ((P @ A4 @ B4) => (P @ A4 @ (plus_plus_nat @ A4 @ B4)))) => (P @ A @ B))))))). % Euclid_induct
thf(fact_105_add__0__iff, axiom,
    ((![B : nat, A : nat]: ((B = (plus_plus_nat @ B @ A)) = (A = zero_zero_nat))))). % add_0_iff
thf(fact_106_verit__sum__simplify, axiom,
    ((![A : nat]: ((plus_plus_nat @ A @ zero_zero_nat) = A)))). % verit_sum_simplify
thf(fact_107_com_Osize__gen_I4_J, axiom,
    ((![X41 : com, X42 : com]: ((size_com @ (semi @ X41 @ X42)) = (plus_plus_nat @ (plus_plus_nat @ (size_com @ X41) @ (size_com @ X42)) @ (suc @ zero_zero_nat)))))). % com.size_gen(4)
thf(fact_108_com_Oinject_I3_J, axiom,
    ((![X41 : com, X42 : com, Y41 : com, Y42 : com]: (((semi @ X41 @ X42) = (semi @ Y41 @ Y42)) = (((X41 = Y41)) & ((X42 = Y42))))))). % com.inject(3)
thf(fact_109_evaln_OSemi, axiom,
    ((![C0 : com, S0 : state, N : nat, S1 : state, C1 : com, S22 : state]: ((evaln @ C0 @ S0 @ N @ S1) => ((evaln @ C1 @ S1 @ N @ S22) => (evaln @ (semi @ C0 @ C1) @ S0 @ N @ S22)))))). % evaln.Semi
thf(fact_110_evaln__elim__cases_I4_J, axiom,
    ((![C1 : com, C22 : com, S : state, N : nat, T : state]: ((evaln @ (semi @ C1 @ C22) @ S @ N @ T) => (~ ((![S12 : state]: ((evaln @ C1 @ S @ N @ S12) => (~ ((evaln @ C22 @ S12 @ N @ T))))))))))). % evaln_elim_cases(4)
thf(fact_111_com_Odistinct_I41_J, axiom,
    ((![X41 : com, X42 : com, X7 : pname]: (~ (((semi @ X41 @ X42) = (body2 @ X7))))))). % com.distinct(41)
thf(fact_112_evalc__elim__cases_I4_J, axiom,
    ((![C1 : com, C22 : com, S : state, T : state]: ((evalc @ (semi @ C1 @ C22) @ S @ T) => (~ ((![S12 : state]: ((evalc @ C1 @ S @ S12) => (~ ((evalc @ C22 @ S12 @ T))))))))))). % evalc_elim_cases(4)
thf(fact_113_evalc_OSemi, axiom,
    ((![C0 : com, S0 : state, S1 : state, C1 : com, S22 : state]: ((evalc @ C0 @ S0 @ S1) => ((evalc @ C1 @ S1 @ S22) => (evalc @ (semi @ C0 @ C1) @ S0 @ S22)))))). % evalc.Semi
thf(fact_114_com_Odistinct_I43_J, axiom,
    ((![X41 : com, X42 : com, X81 : vname, X82 : pname, X83 : state > nat]: (~ (((semi @ X41 @ X42) = (call @ X81 @ X82 @ X83))))))). % com.distinct(43)
thf(fact_115_com_Odistinct_I17_J, axiom,
    ((![X21 : vname, X22 : state > nat, X41 : com, X42 : com]: (~ (((ass @ X21 @ X22) = (semi @ X41 @ X42))))))). % com.distinct(17)
thf(fact_116_com_Odistinct_I27_J, axiom,
    ((![X31 : loc, X32 : state > nat, X33 : com, X41 : com, X42 : com]: (~ (((local @ X31 @ X32 @ X33) = (semi @ X41 @ X42))))))). % com.distinct(27)
thf(fact_117_com_Osize_I12_J, axiom,
    ((![X41 : com, X42 : com]: ((size_size_com @ (semi @ X41 @ X42)) = (plus_plus_nat @ (plus_plus_nat @ (size_size_com @ X41) @ (size_size_com @ X42)) @ (suc @ zero_zero_nat)))))). % com.size(12)
thf(fact_118_com_Osize_I13_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com]: ((size_size_com @ (cond @ X51 @ X52 @ X53)) = (plus_plus_nat @ (plus_plus_nat @ (size_size_com @ X52) @ (size_size_com @ X53)) @ (suc @ zero_zero_nat)))))). % com.size(13)
thf(fact_119_com_Osize__gen_I5_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com]: ((size_com @ (cond @ X51 @ X52 @ X53)) = (plus_plus_nat @ (plus_plus_nat @ (size_com @ X52) @ (size_com @ X53)) @ (suc @ zero_zero_nat)))))). % com.size_gen(5)
thf(fact_120_com_Oinject_I4_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com, Y51 : state > $o, Y52 : com, Y53 : com]: (((cond @ X51 @ X52 @ X53) = (cond @ Y51 @ Y52 @ Y53)) = (((X51 = Y51)) & ((((X52 = Y52)) & ((X53 = Y53))))))))). % com.inject(4)
thf(fact_121_com_Odistinct_I37_J, axiom,
    ((![X41 : com, X42 : com, X51 : state > $o, X52 : com, X53 : com]: (~ (((semi @ X41 @ X42) = (cond @ X51 @ X52 @ X53))))))). % com.distinct(37)
thf(fact_122_evaln_OIfFalse, axiom,
    ((![B : state > $o, S : state, C1 : com, N : nat, S1 : state, C0 : com]: ((~ ((B @ S))) => ((evaln @ C1 @ S @ N @ S1) => (evaln @ (cond @ B @ C0 @ C1) @ S @ N @ S1)))))). % evaln.IfFalse
thf(fact_123_evaln_OIfTrue, axiom,
    ((![B : state > $o, S : state, C0 : com, N : nat, S1 : state, C1 : com]: ((B @ S) => ((evaln @ C0 @ S @ N @ S1) => (evaln @ (cond @ B @ C0 @ C1) @ S @ N @ S1)))))). % evaln.IfTrue
thf(fact_124_evaln__elim__cases_I5_J, axiom,
    ((![B : state > $o, C1 : com, C22 : com, S : state, N : nat, T : state]: ((evaln @ (cond @ B @ C1 @ C22) @ S @ N @ T) => (((B @ S) => (~ ((evaln @ C1 @ S @ N @ T)))) => (~ (((~ ((B @ S))) => (~ ((evaln @ C22 @ S @ N @ T))))))))))). % evaln_elim_cases(5)
thf(fact_125_com_Odistinct_I47_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com, X7 : pname]: (~ (((cond @ X51 @ X52 @ X53) = (body2 @ X7))))))). % com.distinct(47)
thf(fact_126_evalc__elim__cases_I5_J, axiom,
    ((![B : state > $o, C1 : com, C22 : com, S : state, T : state]: ((evalc @ (cond @ B @ C1 @ C22) @ S @ T) => (((B @ S) => (~ ((evalc @ C1 @ S @ T)))) => (~ (((~ ((B @ S))) => (~ ((evalc @ C22 @ S @ T))))))))))). % evalc_elim_cases(5)
thf(fact_127_evalc_OIfTrue, axiom,
    ((![B : state > $o, S : state, C0 : com, S1 : state, C1 : com]: ((B @ S) => ((evalc @ C0 @ S @ S1) => (evalc @ (cond @ B @ C0 @ C1) @ S @ S1)))))). % evalc.IfTrue
thf(fact_128_evalc_OIfFalse, axiom,
    ((![B : state > $o, S : state, C1 : com, S1 : state, C0 : com]: ((~ ((B @ S))) => ((evalc @ C1 @ S @ S1) => (evalc @ (cond @ B @ C0 @ C1) @ S @ S1)))))). % evalc.IfFalse
thf(fact_129_com_Odistinct_I49_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com, X81 : vname, X82 : pname, X83 : state > nat]: (~ (((cond @ X51 @ X52 @ X53) = (call @ X81 @ X82 @ X83))))))). % com.distinct(49)

% Conjectures (5)
thf(conj_0, hypothesis,
    ((![X5 : hoare_1678595023iple_a]: ((member1332298086iple_a @ X5 @ ga) => (hoare_1926814542alid_a @ (suc @ na) @ X5))))).
thf(conj_1, hypothesis,
    ((![Z2 : a, S5 : state]: ((p @ Z2 @ S5) => (![S6 : state]: ((evaln @ (body2 @ pn) @ S5 @ (suc @ na) @ S6) => (q @ Z2 @ (update @ (setlocs @ S6 @ (getlocs @ s)) @ x @ (getlocs @ S6 @ res))))))))).
thf(conj_2, hypothesis,
    ((p @ z @ (update @ (setlocs @ s @ newlocs) @ (loc2 @ arg) @ (a2 @ s))))).
thf(conj_3, hypothesis,
    ((evaln @ (the_com @ (body @ pn)) @ (update @ (setlocs @ s @ newlocs) @ (loc2 @ arg) @ (a2 @ s)) @ na @ s1))).
thf(conj_4, conjecture,
    ((q @ z @ (update @ (setlocs @ s1 @ (getlocs @ s)) @ x @ (getlocs @ s1 @ res))))).
