% TIMEFORMAT='%3R'; { time (exec 2>&1; /home/martin/bin/satallax -E /home/martin/.isabelle/contrib/e-2.5-1/x86_64-linux/eprover -p tstp -t 5 /home/martin/judgement-day/tptp-thf/tptp/Hoare/prob_510__3255496_1 ) ; }
% This file was generated by Isabelle (most likely Sledgehammer)
% 2020-12-16 14:15:26.677

% Could-be-implicit typings (8)
thf(ty_n_t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J_J, type,
    set_Ho137910533iple_a : $tType).
thf(ty_n_t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    hoare_1678595023iple_a : $tType).
thf(ty_n_t__Com__Ovname, type,
    vname : $tType).
thf(ty_n_t__Com__Ostate, type,
    state : $tType).
thf(ty_n_t__Nat__Onat, type,
    nat : $tType).
thf(ty_n_t__Com__Oloc, type,
    loc : $tType).
thf(ty_n_t__Com__Ocom, type,
    com : $tType).
thf(ty_n_tf__a, type,
    a : $tType).

% Explicit typings (33)
thf(sy_c_Com_Ocom_OAss, type,
    ass : vname > (state > nat) > com).
thf(sy_c_Com_Ocom_OCond, type,
    cond : (state > $o) > com > com > com).
thf(sy_c_Com_Ocom_OLocal, type,
    local : loc > (state > nat) > com > com).
thf(sy_c_Com_Ocom_OSKIP, type,
    skip : com).
thf(sy_c_Com_Ocom_OSemi, type,
    semi : com > com > com).
thf(sy_c_Com_Ocom_OWhile, type,
    while : (state > $o) > com > com).
thf(sy_c_Com_Ovname_OLoc, type,
    loc2 : loc > vname).
thf(sy_c_Fun_Ocomp_001_Eo_001_Eo_001t__Com__Ostate, type,
    comp_o_o_state : ($o > $o) > (state > $o) > state > $o).
thf(sy_c_HOL_OThe_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    the_Ho1602500360iple_a : (hoare_1678595023iple_a > $o) > hoare_1678595023iple_a).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Ohoare__derivs_001tf__a, type,
    hoare_129598474rivs_a : set_Ho137910533iple_a > set_Ho137910533iple_a > $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Ohoare__valids_001tf__a, type,
    hoare_1775499016lids_a : set_Ho137910533iple_a > set_Ho137910533iple_a > $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Opeek__and_001tf__a, type,
    hoare_1795417776_and_a : (a > state > $o) > (state > $o) > a > state > $o).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Otriple_Otriple_001tf__a, type,
    hoare_719046530iple_a : (a > state > $o) > com > (a > state > $o) > hoare_1678595023iple_a).
thf(sy_c_Hoare__Mirabelle__raqjowkjvm_Otriple__valid_001tf__a, type,
    hoare_1926814542alid_a : nat > hoare_1678595023iple_a > $o).
thf(sy_c_Natural_Oevalc, type,
    evalc : com > state > state > $o).
thf(sy_c_Natural_Oevaln, type,
    evaln : com > state > nat > state > $o).
thf(sy_c_Natural_Ogetlocs, type,
    getlocs : state > loc > nat).
thf(sy_c_Natural_Oupdate, type,
    update : state > vname > nat > state).
thf(sy_c_Orderings_Obot__class_Obot_001_062_It__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J_M_Eo_J, type,
    bot_bo431311916le_a_o : hoare_1678595023iple_a > $o).
thf(sy_c_Orderings_Obot__class_Obot_001t__Set__Oset_It__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J_J, type,
    bot_bo1298296729iple_a : set_Ho137910533iple_a).
thf(sy_c_Set_OCollect_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    collec1600235172iple_a : (hoare_1678595023iple_a > $o) > set_Ho137910533iple_a).
thf(sy_c_Set_Oinsert_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    insert1477804543iple_a : hoare_1678595023iple_a > set_Ho137910533iple_a > set_Ho137910533iple_a).
thf(sy_c_Set_Ois__empty_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    is_emp901906557iple_a : set_Ho137910533iple_a > $o).
thf(sy_c_Set_Ois__singleton_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    is_sin1784037339iple_a : set_Ho137910533iple_a > $o).
thf(sy_c_Set_Othe__elem_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    the_el434698138iple_a : set_Ho137910533iple_a > hoare_1678595023iple_a).
thf(sy_c_member_001t__Hoare____Mirabelle____raqjowkjvm__Otriple_Itf__a_J, type,
    member1332298086iple_a : hoare_1678595023iple_a > set_Ho137910533iple_a > $o).
thf(sy_v_G, type,
    g : set_Ho137910533iple_a).
thf(sy_v_P, type,
    p : a > state > $o).
thf(sy_v_Q, type,
    q : a > state > $o).
thf(sy_v_Y, type,
    y : loc).
thf(sy_v_a, type,
    a2 : state > nat).
thf(sy_v_c, type,
    c : com).
thf(sy_v_s_H, type,
    s : state).

% Relevant facts (127)
thf(fact_0_triple_Oinject, axiom,
    ((![X1 : a > state > $o, X2 : com, X3 : a > state > $o, Y1 : a > state > $o, Y2 : com, Y3 : a > state > $o]: (((hoare_719046530iple_a @ X1 @ X2 @ X3) = (hoare_719046530iple_a @ Y1 @ Y2 @ Y3)) = (((X1 = Y1)) & ((((X2 = Y2)) & ((X3 = Y3))))))))). % triple.inject
thf(fact_1_disj, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q : a > state > $o, P2 : a > state > $o, Q2 : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a)) => ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P2 @ C @ Q2) @ bot_bo1298296729iple_a)) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((P @ Z @ S)) | ((P2 @ Z @ S))))) @ C @ (^[Z : a]: (^[S : state]: (((Q @ Z @ S)) | ((Q2 @ Z @ S)))))) @ bot_bo1298296729iple_a))))))). % disj
thf(fact_2_trueI, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ (^[Z : a]: (^[S : state]: $true))) @ bot_bo1298296729iple_a))))). % trueI
thf(fact_3_escape, axiom,
    ((![P : a > state > $o, G : set_Ho137910533iple_a, C : com, Q : a > state > $o]: ((![Z2 : a, S2 : state]: ((P @ Z2 @ S2) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Za : a]: (^[S3 : state]: (S3 = S2))) @ C @ (^[Z3 : a]: (Q @ Z2))) @ bot_bo1298296729iple_a)))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a)))))). % escape
thf(fact_4_falseE, axiom,
    ((![G : set_Ho137910533iple_a, C : com, Q : a > state > $o]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: $false)) @ C @ Q) @ bot_bo1298296729iple_a))))). % falseE
thf(fact_5_conseq1, axiom,
    ((![G : set_Ho137910533iple_a, P2 : a > state > $o, C : com, Q : a > state > $o, P : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P2 @ C @ Q) @ bot_bo1298296729iple_a)) => ((![Z2 : a, S2 : state]: ((P @ Z2 @ S2) => (P2 @ Z2 @ S2))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a))))))). % conseq1
thf(fact_6_conseq2, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q2 : a > state > $o, Q : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q2) @ bot_bo1298296729iple_a)) => ((![Z2 : a, S2 : state]: ((Q2 @ Z2 @ S2) => (Q @ Z2 @ S2))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a))))))). % conseq2
thf(fact_7_conseq12, axiom,
    ((![G : set_Ho137910533iple_a, P2 : a > state > $o, C : com, Q2 : a > state > $o, P : a > state > $o, Q : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P2 @ C @ Q2) @ bot_bo1298296729iple_a)) => ((![Z2 : a, S2 : state]: ((P @ Z2 @ S2) => (![S4 : state]: ((![Z4 : a]: ((P2 @ Z4 @ S2) => (Q2 @ Z4 @ S4))) => (Q @ Z2 @ S4))))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a))))))). % conseq12
thf(fact_8__Cconstant_C, axiom,
    ((![C2 : $o, G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q : a > state > $o]: ((C2 => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((P @ Z @ S)) & (C2)))) @ C @ Q) @ bot_bo1298296729iple_a)))))). % "constant"
thf(fact_9_export__s, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q : a > state > $o]: ((![S4 : state]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((S4 = S)) & ((P @ Z @ S))))) @ C @ Q) @ bot_bo1298296729iple_a))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a)))))). % export_s
thf(fact_10_single__asm, axiom,
    ((![T : hoare_1678595023iple_a]: (hoare_129598474rivs_a @ (insert1477804543iple_a @ T @ bot_bo1298296729iple_a) @ (insert1477804543iple_a @ T @ bot_bo1298296729iple_a))))). % single_asm
thf(fact_11_triple_Oinduct, axiom,
    ((![P : hoare_1678595023iple_a > $o, Triple : hoare_1678595023iple_a]: ((![X1a : a > state > $o, X2a : com, X3a : a > state > $o]: (P @ (hoare_719046530iple_a @ X1a @ X2a @ X3a))) => (P @ Triple))))). % triple.induct
thf(fact_12_derivs__insertD, axiom,
    ((![G : set_Ho137910533iple_a, T : hoare_1678595023iple_a, Ts : set_Ho137910533iple_a]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ T @ Ts)) => ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ T @ bot_bo1298296729iple_a)) & (hoare_129598474rivs_a @ G @ Ts)))))). % derivs_insertD
thf(fact_13_triple_Oexhaust, axiom,
    ((![Y : hoare_1678595023iple_a]: (~ ((![X12 : a > state > $o, X22 : com, X32 : a > state > $o]: (~ ((Y = (hoare_719046530iple_a @ X12 @ X22 @ X32)))))))))). % triple.exhaust
thf(fact_14_cut, axiom,
    ((![G2 : set_Ho137910533iple_a, Ts : set_Ho137910533iple_a, G : set_Ho137910533iple_a]: ((hoare_129598474rivs_a @ G2 @ Ts) => ((hoare_129598474rivs_a @ G @ G2) => (hoare_129598474rivs_a @ G @ Ts)))))). % cut
thf(fact_15_empty, axiom,
    ((![G : set_Ho137910533iple_a]: (hoare_129598474rivs_a @ G @ bot_bo1298296729iple_a)))). % empty
thf(fact_16_conseq, axiom,
    ((![P : a > state > $o, G : set_Ho137910533iple_a, C : com, Q : a > state > $o]: ((![Z2 : a, S2 : state]: ((P @ Z2 @ S2) => (?[P3 : a > state > $o, Q3 : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P3 @ C @ Q3) @ bot_bo1298296729iple_a)) & (![S4 : state]: ((![Z4 : a]: ((P3 @ Z4 @ S2) => (Q3 @ Z4 @ S4))) => (Q @ Z2 @ S4))))))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a)))))). % conseq
thf(fact_17_hoare__derivs_Oinsert, axiom,
    ((![G : set_Ho137910533iple_a, T : hoare_1678595023iple_a, Ts : set_Ho137910533iple_a]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ T @ bot_bo1298296729iple_a)) => ((hoare_129598474rivs_a @ G @ Ts) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ T @ Ts))))))). % hoare_derivs.insert
thf(fact_18_singleton__conv, axiom,
    ((![A : hoare_1678595023iple_a]: ((collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (X = A))) = (insert1477804543iple_a @ A @ bot_bo1298296729iple_a))))). % singleton_conv
thf(fact_19_singleton__conv2, axiom,
    ((![A : hoare_1678595023iple_a]: ((collec1600235172iple_a @ ((^[Y4 : hoare_1678595023iple_a]: (^[Z5 : hoare_1678595023iple_a]: (Y4 = Z5))) @ A)) = (insert1477804543iple_a @ A @ bot_bo1298296729iple_a))))). % singleton_conv2
thf(fact_20_singletonI, axiom,
    ((![A : hoare_1678595023iple_a]: (member1332298086iple_a @ A @ (insert1477804543iple_a @ A @ bot_bo1298296729iple_a))))). % singletonI
thf(fact_21_hoare__derivs_OLocal, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q : a > state > $o, X4 : loc, S5 : state, A : state > nat]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ (^[Z : a]: (^[S : state]: (Q @ Z @ (update @ S @ (loc2 @ X4) @ (getlocs @ S5 @ X4)))))) @ bot_bo1298296729iple_a)) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((S5 = S)) & ((P @ Z @ (update @ S @ (loc2 @ X4) @ (A @ S))))))) @ (local @ X4 @ A @ C) @ Q) @ bot_bo1298296729iple_a)))))). % hoare_derivs.Local
thf(fact_22_vname_Oinject_I2_J, axiom,
    ((![X2 : loc, Y2 : loc]: (((loc2 @ X2) = (loc2 @ Y2)) = (X2 = Y2))))). % vname.inject(2)
thf(fact_23_com_Oinject_I2_J, axiom,
    ((![X31 : loc, X322 : state > nat, X33 : com, Y31 : loc, Y32 : state > nat, Y33 : com]: (((local @ X31 @ X322 @ X33) = (local @ Y31 @ Y32 @ Y33)) = (((X31 = Y31)) & ((((X322 = Y32)) & ((X33 = Y33))))))))). % com.inject(2)
thf(fact_24_insertCI, axiom,
    ((![A : hoare_1678595023iple_a, B : set_Ho137910533iple_a, B2 : hoare_1678595023iple_a]: (((~ ((member1332298086iple_a @ A @ B))) => (A = B2)) => (member1332298086iple_a @ A @ (insert1477804543iple_a @ B2 @ B)))))). % insertCI
thf(fact_25_insert__iff, axiom,
    ((![A : hoare_1678595023iple_a, B2 : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((member1332298086iple_a @ A @ (insert1477804543iple_a @ B2 @ A2)) = (((A = B2)) | ((member1332298086iple_a @ A @ A2))))))). % insert_iff
thf(fact_26_insert__absorb2, axiom,
    ((![X5 : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((insert1477804543iple_a @ X5 @ (insert1477804543iple_a @ X5 @ A2)) = (insert1477804543iple_a @ X5 @ A2))))). % insert_absorb2
thf(fact_27_empty__iff, axiom,
    ((![C : hoare_1678595023iple_a]: (~ ((member1332298086iple_a @ C @ bot_bo1298296729iple_a)))))). % empty_iff
thf(fact_28_all__not__in__conv, axiom,
    ((![A2 : set_Ho137910533iple_a]: ((![X : hoare_1678595023iple_a]: (~ ((member1332298086iple_a @ X @ A2)))) = (A2 = bot_bo1298296729iple_a))))). % all_not_in_conv
thf(fact_29_Collect__empty__eq, axiom,
    ((![P : hoare_1678595023iple_a > $o]: (((collec1600235172iple_a @ P) = bot_bo1298296729iple_a) = (![X : hoare_1678595023iple_a]: (~ ((P @ X)))))))). % Collect_empty_eq
thf(fact_30_empty__Collect__eq, axiom,
    ((![P : hoare_1678595023iple_a > $o]: ((bot_bo1298296729iple_a = (collec1600235172iple_a @ P)) = (![X : hoare_1678595023iple_a]: (~ ((P @ X)))))))). % empty_Collect_eq
thf(fact_31_ex__in__conv, axiom,
    ((![A2 : set_Ho137910533iple_a]: ((?[X : hoare_1678595023iple_a]: (member1332298086iple_a @ X @ A2)) = (~ ((A2 = bot_bo1298296729iple_a))))))). % ex_in_conv
thf(fact_32_equals0I, axiom,
    ((![A2 : set_Ho137910533iple_a]: ((![Y5 : hoare_1678595023iple_a]: (~ ((member1332298086iple_a @ Y5 @ A2)))) => (A2 = bot_bo1298296729iple_a))))). % equals0I
thf(fact_33_equals0D, axiom,
    ((![A2 : set_Ho137910533iple_a, A : hoare_1678595023iple_a]: ((A2 = bot_bo1298296729iple_a) => (~ ((member1332298086iple_a @ A @ A2))))))). % equals0D
thf(fact_34_emptyE, axiom,
    ((![A : hoare_1678595023iple_a]: (~ ((member1332298086iple_a @ A @ bot_bo1298296729iple_a)))))). % emptyE
thf(fact_35_mk__disjoint__insert, axiom,
    ((![A : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((member1332298086iple_a @ A @ A2) => (?[B3 : set_Ho137910533iple_a]: ((A2 = (insert1477804543iple_a @ A @ B3)) & (~ ((member1332298086iple_a @ A @ B3))))))))). % mk_disjoint_insert
thf(fact_36_insert__commute, axiom,
    ((![X5 : hoare_1678595023iple_a, Y : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((insert1477804543iple_a @ X5 @ (insert1477804543iple_a @ Y @ A2)) = (insert1477804543iple_a @ Y @ (insert1477804543iple_a @ X5 @ A2)))))). % insert_commute
thf(fact_37_insert__eq__iff, axiom,
    ((![A : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a, B2 : hoare_1678595023iple_a, B : set_Ho137910533iple_a]: ((~ ((member1332298086iple_a @ A @ A2))) => ((~ ((member1332298086iple_a @ B2 @ B))) => (((insert1477804543iple_a @ A @ A2) = (insert1477804543iple_a @ B2 @ B)) = (((((A = B2)) => ((A2 = B)))) & ((((~ ((A = B2)))) => ((?[C3 : set_Ho137910533iple_a]: (((A2 = (insert1477804543iple_a @ B2 @ C3))) & ((((~ ((member1332298086iple_a @ B2 @ C3)))) & ((((B = (insert1477804543iple_a @ A @ C3))) & ((~ ((member1332298086iple_a @ A @ C3)))))))))))))))))))). % insert_eq_iff
thf(fact_38_insert__absorb, axiom,
    ((![A : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((member1332298086iple_a @ A @ A2) => ((insert1477804543iple_a @ A @ A2) = A2))))). % insert_absorb
thf(fact_39_insert__ident, axiom,
    ((![X5 : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a, B : set_Ho137910533iple_a]: ((~ ((member1332298086iple_a @ X5 @ A2))) => ((~ ((member1332298086iple_a @ X5 @ B))) => (((insert1477804543iple_a @ X5 @ A2) = (insert1477804543iple_a @ X5 @ B)) = (A2 = B))))))). % insert_ident
thf(fact_40_Set_Oset__insert, axiom,
    ((![X5 : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((member1332298086iple_a @ X5 @ A2) => (~ ((![B3 : set_Ho137910533iple_a]: ((A2 = (insert1477804543iple_a @ X5 @ B3)) => (member1332298086iple_a @ X5 @ B3))))))))). % Set.set_insert
thf(fact_41_insertI2, axiom,
    ((![A : hoare_1678595023iple_a, B : set_Ho137910533iple_a, B2 : hoare_1678595023iple_a]: ((member1332298086iple_a @ A @ B) => (member1332298086iple_a @ A @ (insert1477804543iple_a @ B2 @ B)))))). % insertI2
thf(fact_42_insertI1, axiom,
    ((![A : hoare_1678595023iple_a, B : set_Ho137910533iple_a]: (member1332298086iple_a @ A @ (insert1477804543iple_a @ A @ B))))). % insertI1
thf(fact_43_insertE, axiom,
    ((![A : hoare_1678595023iple_a, B2 : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: ((member1332298086iple_a @ A @ (insert1477804543iple_a @ B2 @ A2)) => ((~ ((A = B2))) => (member1332298086iple_a @ A @ A2)))))). % insertE
thf(fact_44_empty__def, axiom,
    ((bot_bo1298296729iple_a = (collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: $false))))). % empty_def
thf(fact_45_insert__Collect, axiom,
    ((![A : hoare_1678595023iple_a, P : hoare_1678595023iple_a > $o]: ((insert1477804543iple_a @ A @ (collec1600235172iple_a @ P)) = (collec1600235172iple_a @ (^[U : hoare_1678595023iple_a]: (((~ ((U = A)))) => ((P @ U))))))))). % insert_Collect
thf(fact_46_insert__compr, axiom,
    ((insert1477804543iple_a = (^[A3 : hoare_1678595023iple_a]: (^[B4 : set_Ho137910533iple_a]: (collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (((X = A3)) | ((member1332298086iple_a @ X @ B4)))))))))). % insert_compr
thf(fact_47_singleton__inject, axiom,
    ((![A : hoare_1678595023iple_a, B2 : hoare_1678595023iple_a]: (((insert1477804543iple_a @ A @ bot_bo1298296729iple_a) = (insert1477804543iple_a @ B2 @ bot_bo1298296729iple_a)) => (A = B2))))). % singleton_inject
thf(fact_48_insert__not__empty, axiom,
    ((![A : hoare_1678595023iple_a, A2 : set_Ho137910533iple_a]: (~ (((insert1477804543iple_a @ A @ A2) = bot_bo1298296729iple_a)))))). % insert_not_empty
thf(fact_49_doubleton__eq__iff, axiom,
    ((![A : hoare_1678595023iple_a, B2 : hoare_1678595023iple_a, C : hoare_1678595023iple_a, D : hoare_1678595023iple_a]: (((insert1477804543iple_a @ A @ (insert1477804543iple_a @ B2 @ bot_bo1298296729iple_a)) = (insert1477804543iple_a @ C @ (insert1477804543iple_a @ D @ bot_bo1298296729iple_a))) = (((((A = C)) & ((B2 = D)))) | ((((A = D)) & ((B2 = C))))))))). % doubleton_eq_iff
thf(fact_50_singleton__iff, axiom,
    ((![B2 : hoare_1678595023iple_a, A : hoare_1678595023iple_a]: ((member1332298086iple_a @ B2 @ (insert1477804543iple_a @ A @ bot_bo1298296729iple_a)) = (B2 = A))))). % singleton_iff
thf(fact_51_singletonD, axiom,
    ((![B2 : hoare_1678595023iple_a, A : hoare_1678595023iple_a]: ((member1332298086iple_a @ B2 @ (insert1477804543iple_a @ A @ bot_bo1298296729iple_a)) => (B2 = A))))). % singletonD
thf(fact_52_Collect__conv__if2, axiom,
    ((![P : hoare_1678595023iple_a > $o, A : hoare_1678595023iple_a]: (((P @ A) => ((collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (((A = X)) & ((P @ X))))) = (insert1477804543iple_a @ A @ bot_bo1298296729iple_a))) & ((~ ((P @ A))) => ((collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (((A = X)) & ((P @ X))))) = bot_bo1298296729iple_a)))))). % Collect_conv_if2
thf(fact_53_Collect__conv__if, axiom,
    ((![P : hoare_1678595023iple_a > $o, A : hoare_1678595023iple_a]: (((P @ A) => ((collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (((X = A)) & ((P @ X))))) = (insert1477804543iple_a @ A @ bot_bo1298296729iple_a))) & ((~ ((P @ A))) => ((collec1600235172iple_a @ (^[X : hoare_1678595023iple_a]: (((X = A)) & ((P @ X))))) = bot_bo1298296729iple_a)))))). % Collect_conv_if
thf(fact_54_the__elem__eq, axiom,
    ((![X5 : hoare_1678595023iple_a]: ((the_el434698138iple_a @ (insert1477804543iple_a @ X5 @ bot_bo1298296729iple_a)) = X5)))). % the_elem_eq
thf(fact_55_Ass, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, X4 : vname, A : state > nat]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (P @ Z @ (update @ S @ X4 @ (A @ S))))) @ (ass @ X4 @ A) @ P) @ bot_bo1298296729iple_a))))). % Ass
thf(fact_56_is__singletonI, axiom,
    ((![X5 : hoare_1678595023iple_a]: (is_sin1784037339iple_a @ (insert1477804543iple_a @ X5 @ bot_bo1298296729iple_a))))). % is_singletonI
thf(fact_57_hoare__derivs_OSkip, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ skip @ P) @ bot_bo1298296729iple_a))))). % hoare_derivs.Skip
thf(fact_58_hoare__SkipI, axiom,
    ((![P : a > state > $o, Q : a > state > $o, G : set_Ho137910533iple_a]: ((![Z2 : a, S2 : state]: ((P @ Z2 @ S2) => (Q @ Z2 @ S2))) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ skip @ Q) @ bot_bo1298296729iple_a)))))). % hoare_SkipI
thf(fact_59_Comp, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, C : com, Q : a > state > $o, D : com, R : a > state > $o]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ C @ Q) @ bot_bo1298296729iple_a)) => ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ Q @ D @ R) @ bot_bo1298296729iple_a)) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ (semi @ C @ D) @ R) @ bot_bo1298296729iple_a))))))). % Comp
thf(fact_60_LoopF, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, B2 : state > $o, C : com]: (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((P @ Z @ S)) & ((~ ((B2 @ S))))))) @ (while @ B2 @ C) @ P) @ bot_bo1298296729iple_a))))). % LoopF
thf(fact_61_com_Oinject_I5_J, axiom,
    ((![X61 : state > $o, X62 : com, Y61 : state > $o, Y62 : com]: (((while @ X61 @ X62) = (while @ Y61 @ Y62)) = (((X61 = Y61)) & ((X62 = Y62))))))). % com.inject(5)
thf(fact_62_com_Oinject_I3_J, axiom,
    ((![X41 : com, X42 : com, Y41 : com, Y42 : com]: (((semi @ X41 @ X42) = (semi @ Y41 @ Y42)) = (((X41 = Y41)) & ((X42 = Y42))))))). % com.inject(3)
thf(fact_63_com_Oinject_I1_J, axiom,
    ((![X21 : vname, X222 : state > nat, Y21 : vname, Y22 : state > nat]: (((ass @ X21 @ X222) = (ass @ Y21 @ Y22)) = (((X21 = Y21)) & ((X222 = Y22))))))). % com.inject(1)
thf(fact_64_com_Odistinct_I39_J, axiom,
    ((![X41 : com, X42 : com, X61 : state > $o, X62 : com]: (~ (((semi @ X41 @ X42) = (while @ X61 @ X62))))))). % com.distinct(39)
thf(fact_65_com_Odistinct_I21_J, axiom,
    ((![X21 : vname, X222 : state > nat, X61 : state > $o, X62 : com]: (~ (((ass @ X21 @ X222) = (while @ X61 @ X62))))))). % com.distinct(21)
thf(fact_66_com_Odistinct_I17_J, axiom,
    ((![X21 : vname, X222 : state > nat, X41 : com, X42 : com]: (~ (((ass @ X21 @ X222) = (semi @ X41 @ X42))))))). % com.distinct(17)
thf(fact_67_com_Odistinct_I9_J, axiom,
    ((![X61 : state > $o, X62 : com]: (~ ((skip = (while @ X61 @ X62))))))). % com.distinct(9)
thf(fact_68_com_Odistinct_I5_J, axiom,
    ((![X41 : com, X42 : com]: (~ ((skip = (semi @ X41 @ X42))))))). % com.distinct(5)
thf(fact_69_com_Odistinct_I1_J, axiom,
    ((![X21 : vname, X222 : state > nat]: (~ ((skip = (ass @ X21 @ X222))))))). % com.distinct(1)
thf(fact_70_bot__set__def, axiom,
    ((bot_bo1298296729iple_a = (collec1600235172iple_a @ bot_bo431311916le_a_o)))). % bot_set_def
thf(fact_71_com_Odistinct_I31_J, axiom,
    ((![X31 : loc, X322 : state > nat, X33 : com, X61 : state > $o, X62 : com]: (~ (((local @ X31 @ X322 @ X33) = (while @ X61 @ X62))))))). % com.distinct(31)
thf(fact_72_com_Odistinct_I15_J, axiom,
    ((![X21 : vname, X222 : state > nat, X31 : loc, X322 : state > nat, X33 : com]: (~ (((ass @ X21 @ X222) = (local @ X31 @ X322 @ X33))))))). % com.distinct(15)
thf(fact_73_com_Odistinct_I27_J, axiom,
    ((![X31 : loc, X322 : state > nat, X33 : com, X41 : com, X42 : com]: (~ (((local @ X31 @ X322 @ X33) = (semi @ X41 @ X42))))))). % com.distinct(27)
thf(fact_74_com_Odistinct_I3_J, axiom,
    ((![X31 : loc, X322 : state > nat, X33 : com]: (~ ((skip = (local @ X31 @ X322 @ X33))))))). % com.distinct(3)
thf(fact_75_is__singleton__the__elem, axiom,
    ((is_sin1784037339iple_a = (^[A4 : set_Ho137910533iple_a]: (A4 = (insert1477804543iple_a @ (the_el434698138iple_a @ A4) @ bot_bo1298296729iple_a)))))). % is_singleton_the_elem
thf(fact_76_is__singletonI_H, axiom,
    ((![A2 : set_Ho137910533iple_a]: ((~ ((A2 = bot_bo1298296729iple_a))) => ((![X6 : hoare_1678595023iple_a, Y5 : hoare_1678595023iple_a]: ((member1332298086iple_a @ X6 @ A2) => ((member1332298086iple_a @ Y5 @ A2) => (X6 = Y5)))) => (is_sin1784037339iple_a @ A2)))))). % is_singletonI'
thf(fact_77_is__singletonE, axiom,
    ((![A2 : set_Ho137910533iple_a]: ((is_sin1784037339iple_a @ A2) => (~ ((![X6 : hoare_1678595023iple_a]: (~ ((A2 = (insert1477804543iple_a @ X6 @ bot_bo1298296729iple_a))))))))))). % is_singletonE
thf(fact_78_is__singleton__def, axiom,
    ((is_sin1784037339iple_a = (^[A4 : set_Ho137910533iple_a]: (?[X : hoare_1678595023iple_a]: (A4 = (insert1477804543iple_a @ X @ bot_bo1298296729iple_a))))))). % is_singleton_def
thf(fact_79_Set_Ois__empty__def, axiom,
    ((is_emp901906557iple_a = (^[A4 : set_Ho137910533iple_a]: (A4 = bot_bo1298296729iple_a))))). % Set.is_empty_def
thf(fact_80_the__elem__def, axiom,
    ((the_el434698138iple_a = (^[X7 : set_Ho137910533iple_a]: (the_Ho1602500360iple_a @ (^[X : hoare_1678595023iple_a]: (X7 = (insert1477804543iple_a @ X @ bot_bo1298296729iple_a)))))))). % the_elem_def
thf(fact_81_evalc__elim__cases_I3_J, axiom,
    ((![Y6 : loc, A : state > nat, C : com, S6 : state, T : state]: ((evalc @ (local @ Y6 @ A @ C) @ S6 @ T) => (~ ((![S1 : state]: ((T = (update @ S1 @ (loc2 @ Y6) @ (getlocs @ S6 @ Y6))) => (~ ((evalc @ C @ (update @ S6 @ (loc2 @ Y6) @ (A @ S6)) @ S1))))))))))). % evalc_elim_cases(3)
thf(fact_82_evalc_OLocal, axiom,
    ((![C : com, S0 : state, Y6 : loc, A : state > nat, S12 : state]: ((evalc @ C @ (update @ S0 @ (loc2 @ Y6) @ (A @ S0)) @ S12) => (evalc @ (local @ Y6 @ A @ C) @ S0 @ (update @ S12 @ (loc2 @ Y6) @ (getlocs @ S0 @ Y6))))))). % evalc.Local
thf(fact_83_evaln__elim__cases_I3_J, axiom,
    ((![Y6 : loc, A : state > nat, C : com, S6 : state, N : nat, T : state]: ((evaln @ (local @ Y6 @ A @ C) @ S6 @ N @ T) => (~ ((![S1 : state]: ((T = (update @ S1 @ (loc2 @ Y6) @ (getlocs @ S6 @ Y6))) => (~ ((evaln @ C @ (update @ S6 @ (loc2 @ Y6) @ (A @ S6)) @ N @ S1))))))))))). % evaln_elim_cases(3)
thf(fact_84_evaln__WHILE__case, axiom,
    ((![B2 : state > $o, C : com, S6 : state, N : nat, T : state]: ((evaln @ (while @ B2 @ C) @ S6 @ N @ T) => (((T = S6) => (B2 @ S6)) => (~ (((B2 @ S6) => (![S1 : state]: ((evaln @ C @ S6 @ N @ S1) => (~ ((evaln @ (while @ B2 @ C) @ S1 @ N @ T))))))))))))). % evaln_WHILE_case
thf(fact_85_evaln_OWhileFalse, axiom,
    ((![B2 : state > $o, S6 : state, C : com, N : nat]: ((~ ((B2 @ S6))) => (evaln @ (while @ B2 @ C) @ S6 @ N @ S6))))). % evaln.WhileFalse
thf(fact_86_evalc__WHILE__case, axiom,
    ((![B2 : state > $o, C : com, S6 : state, T : state]: ((evalc @ (while @ B2 @ C) @ S6 @ T) => (((T = S6) => (B2 @ S6)) => (~ (((B2 @ S6) => (![S1 : state]: ((evalc @ C @ S6 @ S1) => (~ ((evalc @ (while @ B2 @ C) @ S1 @ T))))))))))))). % evalc_WHILE_case
thf(fact_87_evalc_OWhileFalse, axiom,
    ((![B2 : state > $o, S6 : state, C : com]: ((~ ((B2 @ S6))) => (evalc @ (while @ B2 @ C) @ S6 @ S6))))). % evalc.WhileFalse
thf(fact_88_evaln_OWhileTrue, axiom,
    ((![B2 : state > $o, S0 : state, C : com, N : nat, S12 : state, S22 : state]: ((B2 @ S0) => ((evaln @ C @ S0 @ N @ S12) => ((evaln @ (while @ B2 @ C) @ S12 @ N @ S22) => (evaln @ (while @ B2 @ C) @ S0 @ N @ S22))))))). % evaln.WhileTrue
thf(fact_89_evalc_OWhileTrue, axiom,
    ((![B2 : state > $o, S0 : state, C : com, S12 : state, S22 : state]: ((B2 @ S0) => ((evalc @ C @ S0 @ S12) => ((evalc @ (while @ B2 @ C) @ S12 @ S22) => (evalc @ (while @ B2 @ C) @ S0 @ S22))))))). % evalc.WhileTrue
thf(fact_90_evaln_OSkip, axiom,
    ((![S6 : state, N : nat]: (evaln @ skip @ S6 @ N @ S6)))). % evaln.Skip
thf(fact_91_evaln_OSemi, axiom,
    ((![C0 : com, S0 : state, N : nat, S12 : state, C1 : com, S22 : state]: ((evaln @ C0 @ S0 @ N @ S12) => ((evaln @ C1 @ S12 @ N @ S22) => (evaln @ (semi @ C0 @ C1) @ S0 @ N @ S22)))))). % evaln.Semi
thf(fact_92_evalc_OSkip, axiom,
    ((![S6 : state]: (evalc @ skip @ S6 @ S6)))). % evalc.Skip
thf(fact_93_evalc_OSemi, axiom,
    ((![C0 : com, S0 : state, S12 : state, C1 : com, S22 : state]: ((evalc @ C0 @ S0 @ S12) => ((evalc @ C1 @ S12 @ S22) => (evalc @ (semi @ C0 @ C1) @ S0 @ S22)))))). % evalc.Semi
thf(fact_94_evaln__elim__cases_I1_J, axiom,
    ((![S6 : state, N : nat, T : state]: ((evaln @ skip @ S6 @ N @ T) => (T = S6))))). % evaln_elim_cases(1)
thf(fact_95_evaln__elim__cases_I4_J, axiom,
    ((![C1 : com, C22 : com, S6 : state, N : nat, T : state]: ((evaln @ (semi @ C1 @ C22) @ S6 @ N @ T) => (~ ((![S1 : state]: ((evaln @ C1 @ S6 @ N @ S1) => (~ ((evaln @ C22 @ S1 @ N @ T))))))))))). % evaln_elim_cases(4)
thf(fact_96_evalc__elim__cases_I1_J, axiom,
    ((![S6 : state, T : state]: ((evalc @ skip @ S6 @ T) => (T = S6))))). % evalc_elim_cases(1)
thf(fact_97_evalc__elim__cases_I4_J, axiom,
    ((![C1 : com, C22 : com, S6 : state, T : state]: ((evalc @ (semi @ C1 @ C22) @ S6 @ T) => (~ ((![S1 : state]: ((evalc @ C1 @ S6 @ S1) => (~ ((evalc @ C22 @ S1 @ T))))))))))). % evalc_elim_cases(4)
thf(fact_98_com__det, axiom,
    ((![C : com, S6 : state, T : state, U2 : state]: ((evalc @ C @ S6 @ T) => ((evalc @ C @ S6 @ U2) => (U2 = T)))))). % com_det
thf(fact_99_eval__eq, axiom,
    ((evalc = (^[C4 : com]: (^[S : state]: (^[T2 : state]: (?[N2 : nat]: (evaln @ C4 @ S @ N2 @ T2)))))))). % eval_eq
thf(fact_100_evaln__max2, axiom,
    ((![C1 : com, S12 : state, N1 : nat, T1 : state, C22 : com, S22 : state, N22 : nat, T22 : state]: ((evaln @ C1 @ S12 @ N1 @ T1) => ((evaln @ C22 @ S22 @ N22 @ T22) => (?[N3 : nat]: ((evaln @ C1 @ S12 @ N3 @ T1) & (evaln @ C22 @ S22 @ N3 @ T22)))))))). % evaln_max2
thf(fact_101_evalc__evaln, axiom,
    ((![C : com, S6 : state, T : state]: ((evalc @ C @ S6 @ T) => (?[N3 : nat]: (evaln @ C @ S6 @ N3 @ T)))))). % evalc_evaln
thf(fact_102_evaln__evalc, axiom,
    ((![C : com, S6 : state, N : nat, T : state]: ((evaln @ C @ S6 @ N @ T) => (evalc @ C @ S6 @ T))))). % evaln_evalc
thf(fact_103_evaln__elim__cases_I2_J, axiom,
    ((![X4 : vname, A : state > nat, S6 : state, N : nat, T : state]: ((evaln @ (ass @ X4 @ A) @ S6 @ N @ T) => (T = (update @ S6 @ X4 @ (A @ S6))))))). % evaln_elim_cases(2)
thf(fact_104_evaln_OAssign, axiom,
    ((![X4 : vname, A : state > nat, S6 : state, N : nat]: (evaln @ (ass @ X4 @ A) @ S6 @ N @ (update @ S6 @ X4 @ (A @ S6)))))). % evaln.Assign
thf(fact_105_evalc__elim__cases_I2_J, axiom,
    ((![X4 : vname, A : state > nat, S6 : state, T : state]: ((evalc @ (ass @ X4 @ A) @ S6 @ T) => (T = (update @ S6 @ X4 @ (A @ S6))))))). % evalc_elim_cases(2)
thf(fact_106_evalc_OAssign, axiom,
    ((![X4 : vname, A : state > nat, S6 : state]: (evalc @ (ass @ X4 @ A) @ S6 @ (update @ S6 @ X4 @ (A @ S6)))))). % evalc.Assign
thf(fact_107_evaln_OLocal, axiom,
    ((![C : com, S0 : state, Y6 : loc, A : state > nat, N : nat, S12 : state]: ((evaln @ C @ (update @ S0 @ (loc2 @ Y6) @ (A @ S0)) @ N @ S12) => (evaln @ (local @ Y6 @ A @ C) @ S0 @ N @ (update @ S12 @ (loc2 @ Y6) @ (getlocs @ S0 @ Y6))))))). % evaln.Local
thf(fact_108_Collect__empty__eq__bot, axiom,
    ((![P : hoare_1678595023iple_a > $o]: (((collec1600235172iple_a @ P) = bot_bo1298296729iple_a) = (P = bot_bo431311916le_a_o))))). % Collect_empty_eq_bot
thf(fact_109_bot__empty__eq, axiom,
    ((bot_bo431311916le_a_o = (^[X : hoare_1678595023iple_a]: (member1332298086iple_a @ X @ bot_bo1298296729iple_a))))). % bot_empty_eq
thf(fact_110_triple__valid__def2, axiom,
    ((![N : nat, P : a > state > $o, C : com, Q : a > state > $o]: ((hoare_1926814542alid_a @ N @ (hoare_719046530iple_a @ P @ C @ Q)) = (![Z : a]: (![S : state]: (((P @ Z @ S)) => ((![S3 : state]: (((evaln @ C @ S @ N @ S3)) => ((Q @ Z @ S3)))))))))))). % triple_valid_def2
thf(fact_111_Loop, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, B2 : state > $o, C : com]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (hoare_1795417776_and_a @ P @ B2) @ C @ P) @ bot_bo1298296729iple_a)) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ (while @ B2 @ C) @ (hoare_1795417776_and_a @ P @ (comp_o_o_state @ (~) @ B2))) @ bot_bo1298296729iple_a)))))). % Loop
thf(fact_112_Loop__sound__lemma, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, B2 : state > $o, C : com]: ((hoare_1775499016lids_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (hoare_1795417776_and_a @ P @ B2) @ C @ P) @ bot_bo1298296729iple_a)) => (hoare_1775499016lids_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ (while @ B2 @ C) @ (hoare_1795417776_and_a @ P @ (comp_o_o_state @ (~) @ B2))) @ bot_bo1298296729iple_a)))))). % Loop_sound_lemma
thf(fact_113_hoare__derivs_OIf, axiom,
    ((![G : set_Ho137910533iple_a, P : a > state > $o, B2 : state > $o, C : com, Q : a > state > $o, D : com]: ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (hoare_1795417776_and_a @ P @ B2) @ C @ Q) @ bot_bo1298296729iple_a)) => ((hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (hoare_1795417776_and_a @ P @ (comp_o_o_state @ (~) @ B2)) @ D @ Q) @ bot_bo1298296729iple_a)) => (hoare_129598474rivs_a @ G @ (insert1477804543iple_a @ (hoare_719046530iple_a @ P @ (cond @ B2 @ C @ D) @ Q) @ bot_bo1298296729iple_a))))))). % hoare_derivs.If
thf(fact_114_com_Oinject_I4_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com, Y51 : state > $o, Y52 : com, Y53 : com]: (((cond @ X51 @ X52 @ X53) = (cond @ Y51 @ Y52 @ Y53)) = (((X51 = Y51)) & ((((X52 = Y52)) & ((X53 = Y53))))))))). % com.inject(4)
thf(fact_115_com_Odistinct_I7_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com]: (~ ((skip = (cond @ X51 @ X52 @ X53))))))). % com.distinct(7)
thf(fact_116_com_Odistinct_I37_J, axiom,
    ((![X41 : com, X42 : com, X51 : state > $o, X52 : com, X53 : com]: (~ (((semi @ X41 @ X42) = (cond @ X51 @ X52 @ X53))))))). % com.distinct(37)
thf(fact_117_com_Odistinct_I19_J, axiom,
    ((![X21 : vname, X222 : state > nat, X51 : state > $o, X52 : com, X53 : com]: (~ (((ass @ X21 @ X222) = (cond @ X51 @ X52 @ X53))))))). % com.distinct(19)
thf(fact_118_com_Odistinct_I29_J, axiom,
    ((![X31 : loc, X322 : state > nat, X33 : com, X51 : state > $o, X52 : com, X53 : com]: (~ (((local @ X31 @ X322 @ X33) = (cond @ X51 @ X52 @ X53))))))). % com.distinct(29)
thf(fact_119_com_Odistinct_I45_J, axiom,
    ((![X51 : state > $o, X52 : com, X53 : com, X61 : state > $o, X62 : com]: (~ (((cond @ X51 @ X52 @ X53) = (while @ X61 @ X62))))))). % com.distinct(45)
thf(fact_120_evaln_OIfFalse, axiom,
    ((![B2 : state > $o, S6 : state, C1 : com, N : nat, S12 : state, C0 : com]: ((~ ((B2 @ S6))) => ((evaln @ C1 @ S6 @ N @ S12) => (evaln @ (cond @ B2 @ C0 @ C1) @ S6 @ N @ S12)))))). % evaln.IfFalse
thf(fact_121_evalc_OIfFalse, axiom,
    ((![B2 : state > $o, S6 : state, C1 : com, S12 : state, C0 : com]: ((~ ((B2 @ S6))) => ((evalc @ C1 @ S6 @ S12) => (evalc @ (cond @ B2 @ C0 @ C1) @ S6 @ S12)))))). % evalc.IfFalse
thf(fact_122_evaln_OIfTrue, axiom,
    ((![B2 : state > $o, S6 : state, C0 : com, N : nat, S12 : state, C1 : com]: ((B2 @ S6) => ((evaln @ C0 @ S6 @ N @ S12) => (evaln @ (cond @ B2 @ C0 @ C1) @ S6 @ N @ S12)))))). % evaln.IfTrue
thf(fact_123_evalc_OIfTrue, axiom,
    ((![B2 : state > $o, S6 : state, C0 : com, S12 : state, C1 : com]: ((B2 @ S6) => ((evalc @ C0 @ S6 @ S12) => (evalc @ (cond @ B2 @ C0 @ C1) @ S6 @ S12)))))). % evalc.IfTrue
thf(fact_124_evaln__elim__cases_I5_J, axiom,
    ((![B2 : state > $o, C1 : com, C22 : com, S6 : state, N : nat, T : state]: ((evaln @ (cond @ B2 @ C1 @ C22) @ S6 @ N @ T) => (((B2 @ S6) => (~ ((evaln @ C1 @ S6 @ N @ T)))) => (~ (((~ ((B2 @ S6))) => (~ ((evaln @ C22 @ S6 @ N @ T))))))))))). % evaln_elim_cases(5)
thf(fact_125_evalc__elim__cases_I5_J, axiom,
    ((![B2 : state > $o, C1 : com, C22 : com, S6 : state, T : state]: ((evalc @ (cond @ B2 @ C1 @ C22) @ S6 @ T) => (((B2 @ S6) => (~ ((evalc @ C1 @ S6 @ T)))) => (~ (((~ ((B2 @ S6))) => (~ ((evalc @ C22 @ S6 @ T))))))))))). % evalc_elim_cases(5)
thf(fact_126_hoare__sound, axiom,
    ((![G : set_Ho137910533iple_a, Ts : set_Ho137910533iple_a]: ((hoare_129598474rivs_a @ G @ Ts) => (hoare_1775499016lids_a @ G @ Ts))))). % hoare_sound

% Conjectures (3)
thf(conj_0, hypothesis,
    ((hoare_129598474rivs_a @ g @ (insert1477804543iple_a @ (hoare_719046530iple_a @ p @ c @ q) @ bot_bo1298296729iple_a)))).
thf(conj_1, hypothesis,
    ((![K : nat, Z6 : a, S7 : state]: ((q @ Z6 @ S7) => (q @ Z6 @ (update @ S7 @ (loc2 @ y) @ K)))))).
thf(conj_2, conjecture,
    ((hoare_129598474rivs_a @ g @ (insert1477804543iple_a @ (hoare_719046530iple_a @ (^[Z : a]: (^[S : state]: (((s = S)) & ((p @ Z @ (update @ S @ (loc2 @ y) @ (a2 @ S))))))) @ (local @ y @ a2 @ c) @ q) @ bot_bo1298296729iple_a)))).
