% TIMEFORMAT='%3R'; { time (exec 2>&1; /home/martin/bin/satallax -E /home/martin/.isabelle/contrib/e-2.5-1/x86_64-linux/eprover -p tstp -t 5 /home/martin/judgement-day/tptp-thf/tptp/Hoare/prob_456__3254866_1 ) ; }
% This file was generated by Isabelle (most likely Sledgehammer)
% 2020-12-16 14:15:05.378

% Could-be-implicit typings (11)
thf(ty_n_t__Set__Oset_It__Option__Ooption_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J_J, type,
    set_op1790085995_state : $tType).
thf(ty_n_t__Option__Ooption_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    option1481361675_state : $tType).
thf(ty_n_t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    set_Ho840737317_state : $tType).
thf(ty_n_t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    hoare_958474565_state : $tType).
thf(ty_n_t__Set__Oset_It__Option__Ooption_It__Com__Ocom_J_J, type,
    set_option_com : $tType).
thf(ty_n_t__Option__Ooption_It__Com__Ocom_J, type,
    option_com : $tType).
thf(ty_n_t__Set__Oset_It__Com__Opname_J, type,
    set_pname : $tType).
thf(ty_n_t__Set__Oset_It__Com__Ocom_J, type,
    set_com : $tType).
thf(ty_n_t__Com__Ostate, type,
    state : $tType).
thf(ty_n_t__Com__Opname, type,
    pname : $tType).
thf(ty_n_t__Com__Ocom, type,
    com : $tType).

% Explicit typings (53)
thf(sy_c_Com_OWT, type,
    wt : com > $o).
thf(sy_c_Com_OWT__bodies, type,
    wT_bodies : $o).
thf(sy_c_Com_Obody, type,
    body : pname > option_com).
thf(sy_c_Com_Ocom_OBODY, type,
    body2 : pname > com).
thf(sy_c_Com_Ocom_OSKIP, type,
    skip : com).
thf(sy_c_Com_Ocom_OSemi, type,
    semi : com > com > com).
thf(sy_c_Fun_Ofun__upd_001t__Com__Opname_001t__Option__Ooption_It__Com__Ocom_J, type,
    fun_up591155689on_com : (pname > option_com) > pname > option_com > pname > option_com).
thf(sy_c_Fun_Ofun__upd_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_001t__Option__Ooption_It__Com__Ocom_J, type,
    fun_up1004863592on_com : (hoare_958474565_state > option_com) > hoare_958474565_state > option_com > hoare_958474565_state > option_com).
thf(sy_c_Groups_Ominus__class_Ominus_001t__Set__Oset_It__Com__Opname_J, type,
    minus_1937938585_pname : set_pname > set_pname > set_pname).
thf(sy_c_Groups_Ominus__class_Ominus_001t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    minus_1628593292_state : set_Ho840737317_state > set_Ho840737317_state > set_Ho840737317_state).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_OMGT, type,
    hoare_Mirabelle_MGT : com > hoare_958474565_state).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Ohoare__derivs_001t__Com__Ostate, type,
    hoare_604442164_state : set_Ho840737317_state > set_Ho840737317_state > $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Ohoare__valids_001t__Com__Ostate, type,
    hoare_318887606_state : set_Ho840737317_state > set_Ho840737317_state > $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Ostate__not__singleton, type,
    hoare_405891322gleton : $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Otriple_Otriple_001t__Com__Ostate, type,
    hoare_1659279548_state : (state > state > $o) > com > (state > state > $o) > hoare_958474565_state).
thf(sy_c_If_001t__Option__Ooption_It__Com__Ocom_J, type,
    if_option_com : $o > option_com > option_com > option_com).
thf(sy_c_Map_Odom_001t__Com__Opname_001t__Com__Ocom, type,
    dom_pname_com : (pname > option_com) > set_pname).
thf(sy_c_Map_Odom_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_001t__Com__Ocom, type,
    dom_Ho256784515te_com : (hoare_958474565_state > option_com) > set_Ho840737317_state).
thf(sy_c_Map_Orestrict__map_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_001t__Com__Ocom, type,
    restri728503333te_com : (hoare_958474565_state > option_com) > set_Ho840737317_state > hoare_958474565_state > option_com).
thf(sy_c_Option_Ooption_ONone_001t__Com__Ocom, type,
    none_com : option_com).
thf(sy_c_Option_Ooption_ONone_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    none_H2001963430_state : option1481361675_state).
thf(sy_c_Option_Ooption_OSome_001t__Com__Ocom, type,
    some_com : com > option_com).
thf(sy_c_Option_Ooption_OSome_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    some_H1327573290_state : hoare_958474565_state > option1481361675_state).
thf(sy_c_Option_Ooption_Oset__option_001t__Com__Ocom, type,
    set_option_com2 : option_com > set_com).
thf(sy_c_Option_Ooption_Oset__option_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    set_op1542142163_state : option1481361675_state > set_Ho840737317_state).
thf(sy_c_Option_Ooption_Othe_001t__Com__Ocom, type,
    the_com : option_com > com).
thf(sy_c_Option_Ooption_Othe_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    the_Ho1294110169_state : option1481361675_state > hoare_958474565_state).
thf(sy_c_Option_Othese_001t__Com__Ocom, type,
    these_com : set_option_com > set_com).
thf(sy_c_Option_Othese_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    these_1282564994_state : set_op1790085995_state > set_Ho840737317_state).
thf(sy_c_Orderings_Obot__class_Obot_001_062_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_M_Eo_J, type,
    bot_bo1428770700tate_o : hoare_958474565_state > $o).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Com__Ocom_J, type,
    bot_bot_set_com : set_com).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Com__Opname_J, type,
    bot_bot_set_pname : set_pname).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    bot_bo105666705_state : set_Ho840737317_state).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Option__Ooption_It__Com__Ocom_J_J, type,
    bot_bo697186986on_com : set_option_com).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Option__Ooption_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J_J, type,
    bot_bo472264663_state : set_op1790085995_state).
thf(sy_c_Set_OCollect_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    collec305460656_state : (hoare_958474565_state > $o) > set_Ho840737317_state).
thf(sy_c_Set_Oinsert_001t__Com__Ocom, type,
    insert_com : com > set_com > set_com).
thf(sy_c_Set_Oinsert_001t__Com__Opname, type,
    insert_pname : pname > set_pname > set_pname).
thf(sy_c_Set_Oinsert_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    insert776267541_state : hoare_958474565_state > set_Ho840737317_state > set_Ho840737317_state).
thf(sy_c_Set_Oinsert_001t__Option__Ooption_It__Com__Ocom_J, type,
    insert_option_com : option_com > set_option_com > set_option_com).
thf(sy_c_Set_Oinsert_001t__Option__Ooption_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    insert677809883_state : option1481361675_state > set_op1790085995_state > set_op1790085995_state).
thf(sy_c_Set_Ois__empty_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    is_emp266830871_state : set_Ho840737317_state > $o).
thf(sy_c_Set_Ois__singleton_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    is_sin536631353_state : set_Ho840737317_state > $o).
thf(sy_c_Set_Oremove_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    remove586333994_state : hoare_958474565_state > set_Ho840737317_state > set_Ho840737317_state).
thf(sy_c_Set_Othe__elem_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    the_el1300254266_state : set_Ho840737317_state > hoare_958474565_state).
thf(sy_c_member_001t__Com__Ocom, type,
    member_com : com > set_com > $o).
thf(sy_c_member_001t__Com__Opname, type,
    member_pname : pname > set_pname > $o).
thf(sy_c_member_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J, type,
    member109514606_state : hoare_958474565_state > set_Ho840737317_state > $o).
thf(sy_c_member_001t__Option__Ooption_It__Com__Ocom_J, type,
    member_option_com : option_com > set_option_com > $o).
thf(sy_c_member_001t__Option__Ooption_It__Hoare____Mirabelle____raqjowkjvm__Otriple_It__Com__Ostate_J_J, type,
    member1754906036_state : option1481361675_state > set_op1790085995_state > $o).
thf(sy_v_c, type,
    c : com).
thf(sy_v_pn, type,
    pn : pname).
thf(sy_v_y, type,
    y : com).

% Relevant facts (146)
thf(fact_0_MGF, axiom,
    ((![C : com]: (hoare_405891322gleton => (wT_bodies => ((wt @ C) => (hoare_604442164_state @ bot_bo105666705_state @ (insert776267541_state @ (hoare_Mirabelle_MGT @ C) @ bot_bo105666705_state)))))))). % MGF
thf(fact_1_single__stateE, axiom,
    ((hoare_405891322gleton => (![T : state]: (~ ((![S : state]: (S = T)))))))). % single_stateE
thf(fact_2_derivs__insertD, axiom,
    ((![G : set_Ho840737317_state, T2 : hoare_958474565_state, Ts : set_Ho840737317_state]: ((hoare_604442164_state @ G @ (insert776267541_state @ T2 @ Ts)) => ((hoare_604442164_state @ G @ (insert776267541_state @ T2 @ bot_bo105666705_state)) & (hoare_604442164_state @ G @ Ts)))))). % derivs_insertD
thf(fact_3_cut, axiom,
    ((![G2 : set_Ho840737317_state, Ts : set_Ho840737317_state, G : set_Ho840737317_state]: ((hoare_604442164_state @ G2 @ Ts) => ((hoare_604442164_state @ G @ G2) => (hoare_604442164_state @ G @ Ts)))))). % cut
thf(fact_4_empty, axiom,
    ((![G : set_Ho840737317_state]: (hoare_604442164_state @ G @ bot_bo105666705_state)))). % empty
thf(fact_5_hoare__derivs_Oinsert, axiom,
    ((![G : set_Ho840737317_state, T2 : hoare_958474565_state, Ts : set_Ho840737317_state]: ((hoare_604442164_state @ G @ (insert776267541_state @ T2 @ bot_bo105666705_state)) => ((hoare_604442164_state @ G @ Ts) => (hoare_604442164_state @ G @ (insert776267541_state @ T2 @ Ts))))))). % hoare_derivs.insert
thf(fact_6_state__not__singleton__def, axiom,
    ((hoare_405891322gleton = (?[S2 : state]: (?[T3 : state]: (~ ((S2 = T3)))))))). % state_not_singleton_def
thf(fact_7_WT__bodiesD, axiom,
    ((![Pn : pname, B : com]: (wT_bodies => (((body @ Pn) = (some_com @ B)) => (wt @ B)))))). % WT_bodiesD
thf(fact_8_WTs__elim__cases_I7_J, axiom,
    ((![P : pname]: ((wt @ (body2 @ P)) => (~ ((![Y : com]: (~ (((body @ P) = (some_com @ Y))))))))))). % WTs_elim_cases(7)
thf(fact_9_singletonI, axiom,
    ((![A : hoare_958474565_state]: (member109514606_state @ A @ (insert776267541_state @ A @ bot_bo105666705_state))))). % singletonI
thf(fact_10_MGF__lemma1, axiom,
    ((![G : set_Ho840737317_state, C : com]: (hoare_405891322gleton => ((![X : pname]: ((member_pname @ X @ (dom_pname_com @ body)) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_Mirabelle_MGT @ (body2 @ X)) @ bot_bo105666705_state)))) => ((wt @ C) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_Mirabelle_MGT @ C) @ bot_bo105666705_state)))))))). % MGF_lemma1
thf(fact_11_com_Oinject_I6_J, axiom,
    ((![X7 : pname, Y7 : pname]: (((body2 @ X7) = (body2 @ Y7)) = (X7 = Y7))))). % com.inject(6)
thf(fact_12_option_Oinject, axiom,
    ((![X2 : com, Y2 : com]: (((some_com @ X2) = (some_com @ Y2)) = (X2 = Y2))))). % option.inject
thf(fact_13_insertCI, axiom,
    ((![A : hoare_958474565_state, B2 : set_Ho840737317_state, B : hoare_958474565_state]: (((~ ((member109514606_state @ A @ B2))) => (A = B)) => (member109514606_state @ A @ (insert776267541_state @ B @ B2)))))). % insertCI
thf(fact_14_insert__iff, axiom,
    ((![A : hoare_958474565_state, B : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ A @ (insert776267541_state @ B @ A2)) = (((A = B)) | ((member109514606_state @ A @ A2))))))). % insert_iff
thf(fact_15_insert__absorb2, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state]: ((insert776267541_state @ X3 @ (insert776267541_state @ X3 @ A2)) = (insert776267541_state @ X3 @ A2))))). % insert_absorb2
thf(fact_16_empty__iff, axiom,
    ((![C : hoare_958474565_state]: (~ ((member109514606_state @ C @ bot_bo105666705_state)))))). % empty_iff
thf(fact_17_all__not__in__conv, axiom,
    ((![A2 : set_Ho840737317_state]: ((![X4 : hoare_958474565_state]: (~ ((member109514606_state @ X4 @ A2)))) = (A2 = bot_bo105666705_state))))). % all_not_in_conv
thf(fact_18_Collect__empty__eq, axiom,
    ((![P : hoare_958474565_state > $o]: (((collec305460656_state @ P) = bot_bo105666705_state) = (![X4 : hoare_958474565_state]: (~ ((P @ X4)))))))). % Collect_empty_eq
thf(fact_19_empty__Collect__eq, axiom,
    ((![P : hoare_958474565_state > $o]: ((bot_bo105666705_state = (collec305460656_state @ P)) = (![X4 : hoare_958474565_state]: (~ ((P @ X4)))))))). % empty_Collect_eq
thf(fact_20_ex__in__conv, axiom,
    ((![A2 : set_Ho840737317_state]: ((?[X4 : hoare_958474565_state]: (member109514606_state @ X4 @ A2)) = (~ ((A2 = bot_bo105666705_state))))))). % ex_in_conv
thf(fact_21_equals0I, axiom,
    ((![A2 : set_Ho840737317_state]: ((![Y : hoare_958474565_state]: (~ ((member109514606_state @ Y @ A2)))) => (A2 = bot_bo105666705_state))))). % equals0I
thf(fact_22_equals0D, axiom,
    ((![A2 : set_Ho840737317_state, A : hoare_958474565_state]: ((A2 = bot_bo105666705_state) => (~ ((member109514606_state @ A @ A2))))))). % equals0D
thf(fact_23_emptyE, axiom,
    ((![A : hoare_958474565_state]: (~ ((member109514606_state @ A @ bot_bo105666705_state)))))). % emptyE
thf(fact_24_mk__disjoint__insert, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ A @ A2) => (?[B3 : set_Ho840737317_state]: ((A2 = (insert776267541_state @ A @ B3)) & (~ ((member109514606_state @ A @ B3))))))))). % mk_disjoint_insert
thf(fact_25_insert__commute, axiom,
    ((![X3 : hoare_958474565_state, Y3 : hoare_958474565_state, A2 : set_Ho840737317_state]: ((insert776267541_state @ X3 @ (insert776267541_state @ Y3 @ A2)) = (insert776267541_state @ Y3 @ (insert776267541_state @ X3 @ A2)))))). % insert_commute
thf(fact_26_insert__eq__iff, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state, B : hoare_958474565_state, B2 : set_Ho840737317_state]: ((~ ((member109514606_state @ A @ A2))) => ((~ ((member109514606_state @ B @ B2))) => (((insert776267541_state @ A @ A2) = (insert776267541_state @ B @ B2)) = (((((A = B)) => ((A2 = B2)))) & ((((~ ((A = B)))) => ((?[C2 : set_Ho840737317_state]: (((A2 = (insert776267541_state @ B @ C2))) & ((((~ ((member109514606_state @ B @ C2)))) & ((((B2 = (insert776267541_state @ A @ C2))) & ((~ ((member109514606_state @ A @ C2)))))))))))))))))))). % insert_eq_iff
thf(fact_27_insert__absorb, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ A @ A2) => ((insert776267541_state @ A @ A2) = A2))))). % insert_absorb
thf(fact_28_insert__ident, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((~ ((member109514606_state @ X3 @ A2))) => ((~ ((member109514606_state @ X3 @ B2))) => (((insert776267541_state @ X3 @ A2) = (insert776267541_state @ X3 @ B2)) = (A2 = B2))))))). % insert_ident
thf(fact_29_Set_Oset__insert, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ X3 @ A2) => (~ ((![B3 : set_Ho840737317_state]: ((A2 = (insert776267541_state @ X3 @ B3)) => (member109514606_state @ X3 @ B3))))))))). % Set.set_insert
thf(fact_30_insertI2, axiom,
    ((![A : hoare_958474565_state, B2 : set_Ho840737317_state, B : hoare_958474565_state]: ((member109514606_state @ A @ B2) => (member109514606_state @ A @ (insert776267541_state @ B @ B2)))))). % insertI2
thf(fact_31_insertI1, axiom,
    ((![A : hoare_958474565_state, B2 : set_Ho840737317_state]: (member109514606_state @ A @ (insert776267541_state @ A @ B2))))). % insertI1
thf(fact_32_insertE, axiom,
    ((![A : hoare_958474565_state, B : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ A @ (insert776267541_state @ B @ A2)) => ((~ ((A = B))) => (member109514606_state @ A @ A2)))))). % insertE
thf(fact_33_singleton__inject, axiom,
    ((![A : hoare_958474565_state, B : hoare_958474565_state]: (((insert776267541_state @ A @ bot_bo105666705_state) = (insert776267541_state @ B @ bot_bo105666705_state)) => (A = B))))). % singleton_inject
thf(fact_34_insert__not__empty, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state]: (~ (((insert776267541_state @ A @ A2) = bot_bo105666705_state)))))). % insert_not_empty
thf(fact_35_doubleton__eq__iff, axiom,
    ((![A : hoare_958474565_state, B : hoare_958474565_state, C : hoare_958474565_state, D : hoare_958474565_state]: (((insert776267541_state @ A @ (insert776267541_state @ B @ bot_bo105666705_state)) = (insert776267541_state @ C @ (insert776267541_state @ D @ bot_bo105666705_state))) = (((((A = C)) & ((B = D)))) | ((((A = D)) & ((B = C))))))))). % doubleton_eq_iff
thf(fact_36_singleton__iff, axiom,
    ((![B : hoare_958474565_state, A : hoare_958474565_state]: ((member109514606_state @ B @ (insert776267541_state @ A @ bot_bo105666705_state)) = (B = A))))). % singleton_iff
thf(fact_37_singletonD, axiom,
    ((![B : hoare_958474565_state, A : hoare_958474565_state]: ((member109514606_state @ B @ (insert776267541_state @ A @ bot_bo105666705_state)) => (B = A))))). % singletonD
thf(fact_38_insert__dom, axiom,
    ((![F : pname > option_com, X3 : pname, Y3 : com]: (((F @ X3) = (some_com @ Y3)) => ((insert_pname @ X3 @ (dom_pname_com @ F)) = (dom_pname_com @ F)))))). % insert_dom
thf(fact_39_insert__dom, axiom,
    ((![F : hoare_958474565_state > option_com, X3 : hoare_958474565_state, Y3 : com]: (((F @ X3) = (some_com @ Y3)) => ((insert776267541_state @ X3 @ (dom_Ho256784515te_com @ F)) = (dom_Ho256784515te_com @ F)))))). % insert_dom
thf(fact_40_the__elem__eq, axiom,
    ((![X3 : hoare_958474565_state]: ((the_el1300254266_state @ (insert776267541_state @ X3 @ bot_bo105666705_state)) = X3)))). % the_elem_eq
thf(fact_41_MGT__BodyN, axiom,
    ((![Pn : pname, G : set_Ho840737317_state]: ((hoare_604442164_state @ (insert776267541_state @ (hoare_Mirabelle_MGT @ (body2 @ Pn)) @ G) @ (insert776267541_state @ (hoare_Mirabelle_MGT @ (the_com @ (body @ Pn))) @ bot_bo105666705_state)) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_Mirabelle_MGT @ (body2 @ Pn)) @ bot_bo105666705_state)))))). % MGT_BodyN
thf(fact_42_domI, axiom,
    ((![M : pname > option_com, A : pname, B : com]: (((M @ A) = (some_com @ B)) => (member_pname @ A @ (dom_pname_com @ M)))))). % domI
thf(fact_43_domI, axiom,
    ((![M : hoare_958474565_state > option_com, A : hoare_958474565_state, B : com]: (((M @ A) = (some_com @ B)) => (member109514606_state @ A @ (dom_Ho256784515te_com @ M)))))). % domI
thf(fact_44_domD, axiom,
    ((![A : pname, M : pname > option_com]: ((member_pname @ A @ (dom_pname_com @ M)) => (?[B4 : com]: ((M @ A) = (some_com @ B4))))))). % domD
thf(fact_45_domD, axiom,
    ((![A : hoare_958474565_state, M : hoare_958474565_state > option_com]: ((member109514606_state @ A @ (dom_Ho256784515te_com @ M)) => (?[B4 : com]: ((M @ A) = (some_com @ B4))))))). % domD
thf(fact_46_is__singletonI, axiom,
    ((![X3 : hoare_958474565_state]: (is_sin536631353_state @ (insert776267541_state @ X3 @ bot_bo105666705_state))))). % is_singletonI
thf(fact_47_mem__Collect__eq, axiom,
    ((![A : hoare_958474565_state, P : hoare_958474565_state > $o]: ((member109514606_state @ A @ (collec305460656_state @ P)) = (P @ A))))). % mem_Collect_eq
thf(fact_48_Collect__mem__eq, axiom,
    ((![A2 : set_Ho840737317_state]: ((collec305460656_state @ (^[X4 : hoare_958474565_state]: (member109514606_state @ X4 @ A2))) = A2)))). % Collect_mem_eq
thf(fact_49_these__insert__Some, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_op1790085995_state]: ((these_1282564994_state @ (insert677809883_state @ (some_H1327573290_state @ X3) @ A2)) = (insert776267541_state @ X3 @ (these_1282564994_state @ A2)))))). % these_insert_Some
thf(fact_50_these__insert__Some, axiom,
    ((![X3 : com, A2 : set_option_com]: ((these_com @ (insert_option_com @ (some_com @ X3) @ A2)) = (insert_com @ X3 @ (these_com @ A2)))))). % these_insert_Some
thf(fact_51_Set_Ois__empty__def, axiom,
    ((is_emp266830871_state = (^[A3 : set_Ho840737317_state]: (A3 = bot_bo105666705_state))))). % Set.is_empty_def
thf(fact_52_these__empty, axiom,
    (((these_1282564994_state @ bot_bo472264663_state) = bot_bo105666705_state))). % these_empty
thf(fact_53_bot__set__def, axiom,
    ((bot_bo105666705_state = (collec305460656_state @ bot_bo1428770700tate_o)))). % bot_set_def
thf(fact_54_option_Osel, axiom,
    ((![X2 : com]: ((the_com @ (some_com @ X2)) = X2)))). % option.sel
thf(fact_55_in__these__eq, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_op1790085995_state]: ((member109514606_state @ X3 @ (these_1282564994_state @ A2)) = (member1754906036_state @ (some_H1327573290_state @ X3) @ A2))))). % in_these_eq
thf(fact_56_in__these__eq, axiom,
    ((![X3 : com, A2 : set_option_com]: ((member_com @ X3 @ (these_com @ A2)) = (member_option_com @ (some_com @ X3) @ A2))))). % in_these_eq
thf(fact_57_is__singleton__the__elem, axiom,
    ((is_sin536631353_state = (^[A3 : set_Ho840737317_state]: (A3 = (insert776267541_state @ (the_el1300254266_state @ A3) @ bot_bo105666705_state)))))). % is_singleton_the_elem
thf(fact_58_is__singletonI_H, axiom,
    ((![A2 : set_Ho840737317_state]: ((~ ((A2 = bot_bo105666705_state))) => ((![X : hoare_958474565_state, Y : hoare_958474565_state]: ((member109514606_state @ X @ A2) => ((member109514606_state @ Y @ A2) => (X = Y)))) => (is_sin536631353_state @ A2)))))). % is_singletonI'
thf(fact_59_is__singletonE, axiom,
    ((![A2 : set_Ho840737317_state]: ((is_sin536631353_state @ A2) => (~ ((![X : hoare_958474565_state]: (~ ((A2 = (insert776267541_state @ X @ bot_bo105666705_state))))))))))). % is_singletonE
thf(fact_60_is__singleton__def, axiom,
    ((is_sin536631353_state = (^[A3 : set_Ho840737317_state]: (?[X4 : hoare_958474565_state]: (A3 = (insert776267541_state @ X4 @ bot_bo105666705_state))))))). % is_singleton_def
thf(fact_61_BodyN, axiom,
    ((![P : state > state > $o, Pn : pname, Q : state > state > $o, G : set_Ho840737317_state]: ((hoare_604442164_state @ (insert776267541_state @ (hoare_1659279548_state @ P @ (body2 @ Pn) @ Q) @ G) @ (insert776267541_state @ (hoare_1659279548_state @ P @ (the_com @ (body @ Pn)) @ Q) @ bot_bo105666705_state)) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ (body2 @ Pn) @ Q) @ bot_bo105666705_state)))))). % BodyN
thf(fact_62_weak__Body, axiom,
    ((![G : set_Ho840737317_state, P : state > state > $o, Pn : pname, Q : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ (the_com @ (body @ Pn)) @ Q) @ bot_bo105666705_state)) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ (body2 @ Pn) @ Q) @ bot_bo105666705_state)))))). % weak_Body
thf(fact_63_these__not__empty__eq, axiom,
    ((![B2 : set_option_com]: ((~ (((these_com @ B2) = bot_bot_set_com))) = (((~ ((B2 = bot_bo697186986on_com)))) & ((~ ((B2 = (insert_option_com @ none_com @ bot_bo697186986on_com)))))))))). % these_not_empty_eq
thf(fact_64_these__not__empty__eq, axiom,
    ((![B2 : set_op1790085995_state]: ((~ (((these_1282564994_state @ B2) = bot_bo105666705_state))) = (((~ ((B2 = bot_bo472264663_state)))) & ((~ ((B2 = (insert677809883_state @ none_H2001963430_state @ bot_bo472264663_state)))))))))). % these_not_empty_eq
thf(fact_65_these__empty__eq, axiom,
    ((![B2 : set_option_com]: (((these_com @ B2) = bot_bot_set_com) = (((B2 = bot_bo697186986on_com)) | ((B2 = (insert_option_com @ none_com @ bot_bo697186986on_com)))))))). % these_empty_eq
thf(fact_66_these__empty__eq, axiom,
    ((![B2 : set_op1790085995_state]: (((these_1282564994_state @ B2) = bot_bo105666705_state) = (((B2 = bot_bo472264663_state)) | ((B2 = (insert677809883_state @ none_H2001963430_state @ bot_bo472264663_state)))))))). % these_empty_eq
thf(fact_67_option_Osimps_I15_J, axiom,
    ((![X2 : com]: ((set_option_com2 @ (some_com @ X2)) = (insert_com @ X2 @ bot_bot_set_com))))). % option.simps(15)
thf(fact_68_option_Osimps_I15_J, axiom,
    ((![X2 : hoare_958474565_state]: ((set_op1542142163_state @ (some_H1327573290_state @ X2)) = (insert776267541_state @ X2 @ bot_bo105666705_state))))). % option.simps(15)
thf(fact_69_triple_Oinject, axiom,
    ((![X1 : state > state > $o, X2 : com, X32 : state > state > $o, Y1 : state > state > $o, Y2 : com, Y32 : state > state > $o]: (((hoare_1659279548_state @ X1 @ X2 @ X32) = (hoare_1659279548_state @ Y1 @ Y2 @ Y32)) = (((X1 = Y1)) & ((((X2 = Y2)) & ((X32 = Y32))))))))). % triple.inject
thf(fact_70_not__Some__eq, axiom,
    ((![X3 : option_com]: ((![Y4 : com]: (~ ((X3 = (some_com @ Y4))))) = (X3 = none_com))))). % not_Some_eq
thf(fact_71_not__None__eq, axiom,
    ((![X3 : option_com]: ((~ ((X3 = none_com))) = (?[Y4 : com]: (X3 = (some_com @ Y4))))))). % not_None_eq
thf(fact_72_elem__set, axiom,
    ((![X3 : hoare_958474565_state, Xo : option1481361675_state]: ((member109514606_state @ X3 @ (set_op1542142163_state @ Xo)) = (Xo = (some_H1327573290_state @ X3)))))). % elem_set
thf(fact_73_elem__set, axiom,
    ((![X3 : com, Xo : option_com]: ((member_com @ X3 @ (set_option_com2 @ Xo)) = (Xo = (some_com @ X3)))))). % elem_set
thf(fact_74_dom__eq__empty__conv, axiom,
    ((![F : pname > option_com]: (((dom_pname_com @ F) = bot_bot_set_pname) = (F = (^[X4 : pname]: none_com)))))). % dom_eq_empty_conv
thf(fact_75_dom__eq__empty__conv, axiom,
    ((![F : hoare_958474565_state > option_com]: (((dom_Ho256784515te_com @ F) = bot_bo105666705_state) = (F = (^[X4 : hoare_958474565_state]: none_com)))))). % dom_eq_empty_conv
thf(fact_76_set__empty__eq, axiom,
    ((![Xo : option_com]: (((set_option_com2 @ Xo) = bot_bot_set_com) = (Xo = none_com))))). % set_empty_eq
thf(fact_77_set__empty__eq, axiom,
    ((![Xo : option1481361675_state]: (((set_op1542142163_state @ Xo) = bot_bo105666705_state) = (Xo = none_H2001963430_state))))). % set_empty_eq
thf(fact_78_option_Ocollapse, axiom,
    ((![Option : option_com]: ((~ ((Option = none_com))) => ((some_com @ (the_com @ Option)) = Option))))). % option.collapse
thf(fact_79_these__insert__None, axiom,
    ((![A2 : set_option_com]: ((these_com @ (insert_option_com @ none_com @ A2)) = (these_com @ A2))))). % these_insert_None
thf(fact_80_option_Osimps_I14_J, axiom,
    (((set_option_com2 @ none_com) = bot_bot_set_com))). % option.simps(14)
thf(fact_81_option_Osimps_I14_J, axiom,
    (((set_op1542142163_state @ none_H2001963430_state) = bot_bo105666705_state))). % option.simps(14)
thf(fact_82_option_Oset__sel, axiom,
    ((![A : option1481361675_state]: ((~ ((A = none_H2001963430_state))) => (member109514606_state @ (the_Ho1294110169_state @ A) @ (set_op1542142163_state @ A)))))). % option.set_sel
thf(fact_83_option_Oset__sel, axiom,
    ((![A : option_com]: ((~ ((A = none_com))) => (member_com @ (the_com @ A) @ (set_option_com2 @ A)))))). % option.set_sel
thf(fact_84_triple_Oinduct, axiom,
    ((![P : hoare_958474565_state > $o, Triple : hoare_958474565_state]: ((![X1a : state > state > $o, X2a : com, X3a : state > state > $o]: (P @ (hoare_1659279548_state @ X1a @ X2a @ X3a))) => (P @ Triple))))). % triple.induct
thf(fact_85_triple_Oexhaust, axiom,
    ((![Y3 : hoare_958474565_state]: (~ ((![X12 : state > state > $o, X22 : com, X33 : state > state > $o]: (~ ((Y3 = (hoare_1659279548_state @ X12 @ X22 @ X33)))))))))). % triple.exhaust
thf(fact_86_combine__options__cases, axiom,
    ((![X3 : option_com, P : option_com > option_com > $o, Y3 : option_com]: (((X3 = none_com) => (P @ X3 @ Y3)) => (((Y3 = none_com) => (P @ X3 @ Y3)) => ((![A4 : com, B4 : com]: ((X3 = (some_com @ A4)) => ((Y3 = (some_com @ B4)) => (P @ X3 @ Y3)))) => (P @ X3 @ Y3))))))). % combine_options_cases
thf(fact_87_split__option__all, axiom,
    (((^[P2 : option_com > $o]: (![X5 : option_com]: (P2 @ X5))) = (^[P3 : option_com > $o]: (((P3 @ none_com)) & ((![X4 : com]: (P3 @ (some_com @ X4))))))))). % split_option_all
thf(fact_88_split__option__ex, axiom,
    (((^[P2 : option_com > $o]: (?[X5 : option_com]: (P2 @ X5))) = (^[P3 : option_com > $o]: (((P3 @ none_com)) | ((?[X4 : com]: (P3 @ (some_com @ X4))))))))). % split_option_ex
thf(fact_89_option_Oinducts, axiom,
    ((![P : option_com > $o, Option : option_com]: ((P @ none_com) => ((![X : com]: (P @ (some_com @ X))) => (P @ Option)))))). % option.inducts
thf(fact_90_option_Oexhaust, axiom,
    ((![Y3 : option_com]: ((~ ((Y3 = none_com))) => (~ ((![X22 : com]: (~ ((Y3 = (some_com @ X22))))))))))). % option.exhaust
thf(fact_91_option_OdiscI, axiom,
    ((![Option : option_com, X2 : com]: ((Option = (some_com @ X2)) => (~ ((Option = none_com))))))). % option.discI
thf(fact_92_option_Odistinct_I1_J, axiom,
    ((![X2 : com]: (~ ((none_com = (some_com @ X2))))))). % option.distinct(1)
thf(fact_93_domIff, axiom,
    ((![A : pname, M : pname > option_com]: ((member_pname @ A @ (dom_pname_com @ M)) = (~ (((M @ A) = none_com))))))). % domIff
thf(fact_94_domIff, axiom,
    ((![A : hoare_958474565_state, M : hoare_958474565_state > option_com]: ((member109514606_state @ A @ (dom_Ho256784515te_com @ M)) = (~ (((M @ A) = none_com))))))). % domIff
thf(fact_95_option_Oexpand, axiom,
    ((![Option : option_com, Option2 : option_com]: (((Option = none_com) = (Option2 = none_com)) => (((~ ((Option = none_com))) => ((~ ((Option2 = none_com))) => ((the_com @ Option) = (the_com @ Option2)))) => (Option = Option2)))))). % option.expand
thf(fact_96_option_Oset__intros, axiom,
    ((![X2 : hoare_958474565_state]: (member109514606_state @ X2 @ (set_op1542142163_state @ (some_H1327573290_state @ X2)))))). % option.set_intros
thf(fact_97_option_Oset__intros, axiom,
    ((![X2 : com]: (member_com @ X2 @ (set_option_com2 @ (some_com @ X2)))))). % option.set_intros
thf(fact_98_option_Oset__cases, axiom,
    ((![E : hoare_958474565_state, A : option1481361675_state]: ((member109514606_state @ E @ (set_op1542142163_state @ A)) => (A = (some_H1327573290_state @ E)))))). % option.set_cases
thf(fact_99_option_Oset__cases, axiom,
    ((![E : com, A : option_com]: ((member_com @ E @ (set_option_com2 @ A)) => (A = (some_com @ E)))))). % option.set_cases
thf(fact_100_ospec, axiom,
    ((![A2 : option_com, P : com > $o, X3 : com]: ((![X : com]: ((member_com @ X @ (set_option_com2 @ A2)) => (P @ X))) => ((A2 = (some_com @ X3)) => (P @ X3)))))). % ospec
thf(fact_101_option_Oexhaust__sel, axiom,
    ((![Option : option_com]: ((~ ((Option = none_com))) => (Option = (some_com @ (the_com @ Option))))))). % option.exhaust_sel
thf(fact_102_conseq, axiom,
    ((![P : state > state > $o, G : set_Ho840737317_state, C : com, Q : state > state > $o]: ((![Z : state, S : state]: ((P @ Z @ S) => (?[P4 : state > state > $o, Q2 : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P4 @ C @ Q2) @ bot_bo105666705_state)) & (![S3 : state]: ((![Z2 : state]: ((P4 @ Z2 @ S) => (Q2 @ Z2 @ S3))) => (Q @ Z @ S3))))))) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state)))))). % conseq
thf(fact_103_conseq12, axiom,
    ((![G : set_Ho840737317_state, P5 : state > state > $o, C : com, Q3 : state > state > $o, P : state > state > $o, Q : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P5 @ C @ Q3) @ bot_bo105666705_state)) => ((![Z : state, S : state]: ((P @ Z @ S) => (![S3 : state]: ((![Z2 : state]: ((P5 @ Z2 @ S) => (Q3 @ Z2 @ S3))) => (Q @ Z @ S3))))) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state))))))). % conseq12
thf(fact_104_conseq2, axiom,
    ((![G : set_Ho840737317_state, P : state > state > $o, C : com, Q3 : state > state > $o, Q : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q3) @ bot_bo105666705_state)) => ((![Z : state, S : state]: ((Q3 @ Z @ S) => (Q @ Z @ S))) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state))))))). % conseq2
thf(fact_105_conseq1, axiom,
    ((![G : set_Ho840737317_state, P5 : state > state > $o, C : com, Q : state > state > $o, P : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P5 @ C @ Q) @ bot_bo105666705_state)) => ((![Z : state, S : state]: ((P @ Z @ S) => (P5 @ Z @ S))) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state))))))). % conseq1
thf(fact_106_WT_OBody, axiom,
    ((![Pn : pname]: ((~ (((body @ Pn) = none_com))) => (wt @ (body2 @ Pn)))))). % WT.Body
thf(fact_107_MGF__complete, axiom,
    ((![C : com, P : state > state > $o, Q : state > state > $o]: ((hoare_604442164_state @ bot_bo105666705_state @ (insert776267541_state @ (hoare_Mirabelle_MGT @ C) @ bot_bo105666705_state)) => ((hoare_318887606_state @ bot_bo105666705_state @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state)) => (hoare_604442164_state @ bot_bo105666705_state @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state))))))). % MGF_complete
thf(fact_108_bot__empty__eq, axiom,
    ((bot_bo1428770700tate_o = (^[X4 : hoare_958474565_state]: (member109514606_state @ X4 @ bot_bo105666705_state))))). % bot_empty_eq
thf(fact_109_Collect__empty__eq__bot, axiom,
    ((![P : hoare_958474565_state > $o]: (((collec305460656_state @ P) = bot_bo105666705_state) = (P = bot_bo1428770700tate_o))))). % Collect_empty_eq_bot
thf(fact_110_hoare__derivs_OSkip, axiom,
    ((![G : set_Ho840737317_state, P : state > state > $o]: (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ skip @ P) @ bot_bo105666705_state))))). % hoare_derivs.Skip
thf(fact_111_Comp, axiom,
    ((![G : set_Ho840737317_state, P : state > state > $o, C : com, Q : state > state > $o, D : com, R : state > state > $o]: ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ C @ Q) @ bot_bo105666705_state)) => ((hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ Q @ D @ R) @ bot_bo105666705_state)) => (hoare_604442164_state @ G @ (insert776267541_state @ (hoare_1659279548_state @ P @ (semi @ C @ D) @ R) @ bot_bo105666705_state))))))). % Comp
thf(fact_112_com_Oinject_I3_J, axiom,
    ((![X41 : com, X42 : com, Y41 : com, Y42 : com]: (((semi @ X41 @ X42) = (semi @ Y41 @ Y42)) = (((X41 = Y41)) & ((X42 = Y42))))))). % com.inject(3)
thf(fact_113_com_Odistinct_I5_J, axiom,
    ((![X41 : com, X42 : com]: (~ ((skip = (semi @ X41 @ X42))))))). % com.distinct(5)
thf(fact_114_WTs__elim__cases_I4_J, axiom,
    ((![C1 : com, C22 : com]: ((wt @ (semi @ C1 @ C22)) => (~ (((wt @ C1) => (~ ((wt @ C22)))))))))). % WTs_elim_cases(4)
thf(fact_115_WT_OSemi, axiom,
    ((![C0 : com, C1 : com]: ((wt @ C0) => ((wt @ C1) => (wt @ (semi @ C0 @ C1))))))). % WT.Semi
thf(fact_116_com_Odistinct_I41_J, axiom,
    ((![X41 : com, X42 : com, X7 : pname]: (~ (((semi @ X41 @ X42) = (body2 @ X7))))))). % com.distinct(41)
thf(fact_117_WT_OSkip, axiom,
    ((wt @ skip))). % WT.Skip
thf(fact_118_com_Odistinct_I11_J, axiom,
    ((![X7 : pname]: (~ ((skip = (body2 @ X7))))))). % com.distinct(11)
thf(fact_119_hoare__sound, axiom,
    ((![G : set_Ho840737317_state, Ts : set_Ho840737317_state]: ((hoare_604442164_state @ G @ Ts) => (hoare_318887606_state @ G @ Ts))))). % hoare_sound
thf(fact_120_dom__minus, axiom,
    ((![F : pname > option_com, X3 : pname, A2 : set_pname]: (((F @ X3) = none_com) => ((minus_1937938585_pname @ (dom_pname_com @ F) @ (insert_pname @ X3 @ A2)) = (minus_1937938585_pname @ (dom_pname_com @ F) @ A2)))))). % dom_minus
thf(fact_121_dom__minus, axiom,
    ((![F : hoare_958474565_state > option_com, X3 : hoare_958474565_state, A2 : set_Ho840737317_state]: (((F @ X3) = none_com) => ((minus_1628593292_state @ (dom_Ho256784515te_com @ F) @ (insert776267541_state @ X3 @ A2)) = (minus_1628593292_state @ (dom_Ho256784515te_com @ F) @ A2)))))). % dom_minus
thf(fact_122_restrict__map__to__empty, axiom,
    ((![M : hoare_958474565_state > option_com]: ((restri728503333te_com @ M @ bot_bo105666705_state) = (^[X4 : hoare_958474565_state]: none_com))))). % restrict_map_to_empty
thf(fact_123_DiffI, axiom,
    ((![C : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((member109514606_state @ C @ A2) => ((~ ((member109514606_state @ C @ B2))) => (member109514606_state @ C @ (minus_1628593292_state @ A2 @ B2))))))). % DiffI
thf(fact_124_Diff__iff, axiom,
    ((![C : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((member109514606_state @ C @ (minus_1628593292_state @ A2 @ B2)) = (((member109514606_state @ C @ A2)) & ((~ ((member109514606_state @ C @ B2))))))))). % Diff_iff
thf(fact_125_Diff__cancel, axiom,
    ((![A2 : set_Ho840737317_state]: ((minus_1628593292_state @ A2 @ A2) = bot_bo105666705_state)))). % Diff_cancel
thf(fact_126_empty__Diff, axiom,
    ((![A2 : set_Ho840737317_state]: ((minus_1628593292_state @ bot_bo105666705_state @ A2) = bot_bo105666705_state)))). % empty_Diff
thf(fact_127_Diff__empty, axiom,
    ((![A2 : set_Ho840737317_state]: ((minus_1628593292_state @ A2 @ bot_bo105666705_state) = A2)))). % Diff_empty
thf(fact_128_insert__Diff1, axiom,
    ((![X3 : hoare_958474565_state, B2 : set_Ho840737317_state, A2 : set_Ho840737317_state]: ((member109514606_state @ X3 @ B2) => ((minus_1628593292_state @ (insert776267541_state @ X3 @ A2) @ B2) = (minus_1628593292_state @ A2 @ B2)))))). % insert_Diff1
thf(fact_129_Diff__insert0, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((~ ((member109514606_state @ X3 @ A2))) => ((minus_1628593292_state @ A2 @ (insert776267541_state @ X3 @ B2)) = (minus_1628593292_state @ A2 @ B2)))))). % Diff_insert0
thf(fact_130_restrict__out, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state, M : hoare_958474565_state > option_com]: ((~ ((member109514606_state @ X3 @ A2))) => ((restri728503333te_com @ M @ A2 @ X3) = none_com))))). % restrict_out
thf(fact_131_insert__Diff__single, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state]: ((insert776267541_state @ A @ (minus_1628593292_state @ A2 @ (insert776267541_state @ A @ bot_bo105666705_state))) = (insert776267541_state @ A @ A2))))). % insert_Diff_single
thf(fact_132_Diff__insert__absorb, axiom,
    ((![X3 : hoare_958474565_state, A2 : set_Ho840737317_state]: ((~ ((member109514606_state @ X3 @ A2))) => ((minus_1628593292_state @ (insert776267541_state @ X3 @ A2) @ (insert776267541_state @ X3 @ bot_bo105666705_state)) = A2))))). % Diff_insert_absorb
thf(fact_133_Diff__insert2, axiom,
    ((![A2 : set_Ho840737317_state, A : hoare_958474565_state, B2 : set_Ho840737317_state]: ((minus_1628593292_state @ A2 @ (insert776267541_state @ A @ B2)) = (minus_1628593292_state @ (minus_1628593292_state @ A2 @ (insert776267541_state @ A @ bot_bo105666705_state)) @ B2))))). % Diff_insert2
thf(fact_134_insert__Diff, axiom,
    ((![A : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ A @ A2) => ((insert776267541_state @ A @ (minus_1628593292_state @ A2 @ (insert776267541_state @ A @ bot_bo105666705_state))) = A2))))). % insert_Diff
thf(fact_135_Diff__insert, axiom,
    ((![A2 : set_Ho840737317_state, A : hoare_958474565_state, B2 : set_Ho840737317_state]: ((minus_1628593292_state @ A2 @ (insert776267541_state @ A @ B2)) = (minus_1628593292_state @ (minus_1628593292_state @ A2 @ B2) @ (insert776267541_state @ A @ bot_bo105666705_state)))))). % Diff_insert
thf(fact_136_insert__Diff__if, axiom,
    ((![X3 : hoare_958474565_state, B2 : set_Ho840737317_state, A2 : set_Ho840737317_state]: (((member109514606_state @ X3 @ B2) => ((minus_1628593292_state @ (insert776267541_state @ X3 @ A2) @ B2) = (minus_1628593292_state @ A2 @ B2))) & ((~ ((member109514606_state @ X3 @ B2))) => ((minus_1628593292_state @ (insert776267541_state @ X3 @ A2) @ B2) = (insert776267541_state @ X3 @ (minus_1628593292_state @ A2 @ B2)))))))). % insert_Diff_if
thf(fact_137_DiffE, axiom,
    ((![C : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((member109514606_state @ C @ (minus_1628593292_state @ A2 @ B2)) => (~ (((member109514606_state @ C @ A2) => (member109514606_state @ C @ B2)))))))). % DiffE
thf(fact_138_DiffD1, axiom,
    ((![C : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((member109514606_state @ C @ (minus_1628593292_state @ A2 @ B2)) => (member109514606_state @ C @ A2))))). % DiffD1
thf(fact_139_DiffD2, axiom,
    ((![C : hoare_958474565_state, A2 : set_Ho840737317_state, B2 : set_Ho840737317_state]: ((member109514606_state @ C @ (minus_1628593292_state @ A2 @ B2)) => (~ ((member109514606_state @ C @ B2))))))). % DiffD2
thf(fact_140_restrict__map__def, axiom,
    ((restri728503333te_com = (^[M2 : hoare_958474565_state > option_com]: (^[A3 : set_Ho840737317_state]: (^[X4 : hoare_958474565_state]: (if_option_com @ (member109514606_state @ X4 @ A3) @ (M2 @ X4) @ none_com))))))). % restrict_map_def
thf(fact_141_remove__def, axiom,
    ((remove586333994_state = (^[X4 : hoare_958474565_state]: (^[A3 : set_Ho840737317_state]: (minus_1628593292_state @ A3 @ (insert776267541_state @ X4 @ bot_bo105666705_state))))))). % remove_def
thf(fact_142_fun__upd__None__restrict, axiom,
    ((![X3 : hoare_958474565_state, D2 : set_Ho840737317_state, M : hoare_958474565_state > option_com]: (((member109514606_state @ X3 @ D2) => ((fun_up1004863592on_com @ (restri728503333te_com @ M @ D2) @ X3 @ none_com) = (restri728503333te_com @ M @ (minus_1628593292_state @ D2 @ (insert776267541_state @ X3 @ bot_bo105666705_state))))) & ((~ ((member109514606_state @ X3 @ D2))) => ((fun_up1004863592on_com @ (restri728503333te_com @ M @ D2) @ X3 @ none_com) = (restri728503333te_com @ M @ D2))))))). % fun_upd_None_restrict
thf(fact_143_member__remove, axiom,
    ((![X3 : hoare_958474565_state, Y3 : hoare_958474565_state, A2 : set_Ho840737317_state]: ((member109514606_state @ X3 @ (remove586333994_state @ Y3 @ A2)) = (((member109514606_state @ X3 @ A2)) & ((~ ((X3 = Y3))))))))). % member_remove
thf(fact_144_dom__fun__upd, axiom,
    ((![Y3 : option_com, F : pname > option_com, X3 : pname]: (((Y3 = none_com) => ((dom_pname_com @ (fun_up591155689on_com @ F @ X3 @ Y3)) = (minus_1937938585_pname @ (dom_pname_com @ F) @ (insert_pname @ X3 @ bot_bot_set_pname)))) & ((~ ((Y3 = none_com))) => ((dom_pname_com @ (fun_up591155689on_com @ F @ X3 @ Y3)) = (insert_pname @ X3 @ (dom_pname_com @ F)))))))). % dom_fun_upd
thf(fact_145_dom__fun__upd, axiom,
    ((![Y3 : option_com, F : hoare_958474565_state > option_com, X3 : hoare_958474565_state]: (((Y3 = none_com) => ((dom_Ho256784515te_com @ (fun_up1004863592on_com @ F @ X3 @ Y3)) = (minus_1628593292_state @ (dom_Ho256784515te_com @ F) @ (insert776267541_state @ X3 @ bot_bo105666705_state)))) & ((~ ((Y3 = none_com))) => ((dom_Ho256784515te_com @ (fun_up1004863592on_com @ F @ X3 @ Y3)) = (insert776267541_state @ X3 @ (dom_Ho256784515te_com @ F)))))))). % dom_fun_upd

% Helper facts (3)
thf(help_If_3_1_If_001t__Option__Ooption_It__Com__Ocom_J_T, axiom,
    ((![P : $o]: ((P = $true) | (P = $false))))).
thf(help_If_2_1_If_001t__Option__Ooption_It__Com__Ocom_J_T, axiom,
    ((![X3 : option_com, Y3 : option_com]: ((if_option_com @ $false @ X3 @ Y3) = Y3)))).
thf(help_If_1_1_If_001t__Option__Ooption_It__Com__Ocom_J_T, axiom,
    ((![X3 : option_com, Y3 : option_com]: ((if_option_com @ $true @ X3 @ Y3) = X3)))).

% Conjectures (5)
thf(conj_0, hypothesis,
    (hoare_405891322gleton)).
thf(conj_1, hypothesis,
    (wT_bodies)).
thf(conj_2, hypothesis,
    ((wt @ c))).
thf(conj_3, hypothesis,
    (((body @ pn) = (some_com @ y)))).
thf(conj_4, conjecture,
    ((hoare_604442164_state @ bot_bo105666705_state @ (insert776267541_state @ (hoare_Mirabelle_MGT @ (body2 @ pn)) @ bot_bo105666705_state)))).
